Product:

Lansweeper

(Lansweeper)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 18
Date Id Summary Products Score Patch Annotated
2022-04-14 CVE-2022-22149 A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Lansweeper 8.8
2020-09-30 CVE-2020-13658 In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-level Lansweeper user to elevate their privileges within the application. Lansweeper 8.0
2019-12-19 CVE-2019-18955 The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Product vulnerability has been fixed and disclosed within changelog as of 02 Dec 2019. Lansweeper N/A
2019-08-12 CVE-2019-13462 Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. Lansweeper 9.1
2017-05-29 CVE-2017-9292 Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782. Lansweeper 6.1
2017-11-16 CVE-2017-16841 LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx. Lansweeper 6.1
2017-10-10 CVE-2017-13706 XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705. Lansweeper 9.9
2018-08-27 CVE-2015-9264 Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute arbitrary code on the administrator's workstation via a crafted Windows service. Lansweeper 9.8