
lansweeper

18 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2022-32763
all versions
A cross-site scripting (XSS) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper 1
6.1 MEDIUM
CVE-2022-32573
all versions
A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper 10.1.1.0. A spec
9.9 CRITICAL
CVE-2022-29517
all versions
A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper 10.1.1.
9.9 CRITICAL
CVE-2022-29511
all versions
A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles functionality of Lansweeper lanswee
6.5 MEDIUM
CVE-2022-28703
all versions
A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lans
5.4 MEDIUM
CVE-2022-27498
all versions
A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality of Lansweeper lan
6.5 MEDIUM
CVE-2022-22149
all versions
A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper 9.1.20.2. A specially
8.8 HIGH
CVE-2022-21234
all versions
An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper 9.1.20.2. A specially-crafted
8.8 HIGH
CVE-2022-21210
all versions
An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper 9.1.20.2. A specially-crafte
8.8 HIGH
CVE-2022-21145
all versions
A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper 9.1.20.2. A s
4.8 MEDIUM
CVE-2020-13658
all versions
In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-level Lansweeper user to elevate t
8.0 HIGH
CVE-2020-14011
>= 6.0.0.19 and <= 7.2.108.6
Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless
9.8 CRITICAL
CVE-2019-18955
all versions
The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Product vulnerability has been fixed and disclosed within change
6.1 MEDIUM
CVE-2019-13462
< 7.1.117.4
Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.
9.1 CRITICAL
CVE-2015-9264
>= 4.0 and <= 4.2.0.90
Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute arbitrary code on the administrator's workstation via a cra
9.8 CRITICAL
CVE-2017-16841
< 6.0.100.94
LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx.
6.1 MEDIUM
CVE-2017-13706
<= 6.0.100.29
XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.
9.9 CRITICAL
CVE-2017-9292
<= 6.0.0.64
Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782.
6.1 MEDIUM