← Back

Provision

provision

Vendor: Stvs • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-47724
1Stvs
1Provision
Feb 13, 2026
Dec 9, 2025
7.1 HIGH· v4
6.5 MEDIUM· v3
N/A· v2
STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GE...Show more
STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read sensitive system files like /etc/passwd.Show less
CVE-2021-47723
1Stvs
1Provision
Feb 17, 2026
Dec 9, 2025
6.9 MEDIUM· v4
8.8 HIGH· v3
N/A· v2
STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web...Show more
STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users.Show less