Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Lansweeper
(Lansweeper)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-12-19 | CVE-2019-18955 | The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Product vulnerability has been fixed and disclosed within changelog as of 02 Dec 2019. | Lansweeper | N/A | ||
| 2019-08-12 | CVE-2019-13462 | Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. | Lansweeper | 9.1 | ||
| 2017-05-29 | CVE-2017-9292 | Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782. | Lansweeper | 6.1 | ||
| 2017-11-16 | CVE-2017-16841 | LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx. | Lansweeper | 6.1 | ||
| 2017-10-10 | CVE-2017-13706 | XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705. | Lansweeper | 9.9 | ||
| 2018-08-27 | CVE-2015-9264 | Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute arbitrary code on the administrator's workstation via a crafted Windows service. | Lansweeper | 9.8 |