OvaledgeCVEs & Vulnerabilities

8 CVEs affecting Ovaledge products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

ovaledge 8
CVE-2022-30361MEDIUM

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserType. No authentication is required. The information disclosed is associated with the registered user ID, status, email address, role(s), user type, license type, and personal details such as first name, last name, gender, and user preferences.

25 Oct 2024
5.3
CVSS
CVE-2022-30360MEDIUM

OvalEdge 5.2.8.0 and earlier is affected by multiple Stored XSS (AKA Persistent or Type II) vulnerabilities via a POST request to /profile/updateProfile via the slackid or phone parameters. Authentication is required.

25 Oct 2024
6.4
CVSS
CVE-2022-30359MEDIUM

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email address, role(s), user type, license type, and personal details such as first name, last name, gender, and user preferences.

25 Oct 2024
4.3
CVSS
CVE-2022-30358HIGH

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required.

25 Oct 2024
8.8
CVSS
CVE-2022-30357HIGH

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required.

25 Oct 2024
8.8
CVSS
CVE-2022-30356MEDIUM

OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters . Authentication is required with OE_ADMIN role privilege.

25 Oct 2024
4.7
CVSS
CVE-2022-30355CRITICAL

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required.

25 Oct 2024
9.8
CVSS
CVE-2022-30354HIGH

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserWithTeam. Authentication is required. The information disclosed is associated with all registered user ID numbers.

25 Oct 2024
7.5
CVSS
← PrevPage 1 / 1Next →