Filtered by vendor Sysaid Subscriptions
Filtered by product Sysaid On-premises Subscriptions

Search

Switch to Advanced Search (Beta)
Total 7 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-2775 1 Sysaid 2 Sysaid, Sysaid On-premises 2025-11-19 9.3 Critical
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
CVE-2025-2776 1 Sysaid 2 Sysaid, Sysaid On-premises 2025-11-19 9.3 Critical
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
CVE-2025-2777 1 Sysaid 2 Sysaid, Sysaid On-premises 2025-11-19 9.3 Critical
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.
CVE-2023-47246 1 Sysaid 2 Sysaid, Sysaid On-premises 2025-10-31 9.8 Critical
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
CVE-2023-32226 1 Sysaid 1 Sysaid On-premises 2024-11-21 8.3 High
Sysaid - CWE-552: Files or Directories Accessible to External Parties -  Authenticated users may exfiltrate files from the server via an unspecified method.
CVE-2023-32225 1 Sysaid 1 Sysaid On-premises 2024-11-21 9.8 Critical
Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type -  A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.
CVE-2020-13168 1 Sysaid 2 Sysaid On-premises, Sysaidsy On-premises 2024-11-21 6.1 Medium
SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter.