13 matches found
CVE-2022-22148
'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc...
CVE-2024-22148
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Smart Editor JoomUnited allows Reflected XSS. This issue affects JoomUnited: from n/a through 1.3.3...
CVE-2024-22148
creationtimestamp | type | source
---|---|---
2024-02-01 11:31:19+00:00 | seen | https://t.me/ctinow/177489
2024-02-24 07:36:57+00:00 | seen | https://t.me/ctinow/192455
...
CVE-2024-22148
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Smart Editor JoomUnited allows Reflected XSS. This issue affects JoomUnited: from n/a through 1.3.3...
CVE-2024-22148 WordPress WP Smart Editor Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Smart Editor JoomUnited allows Reflected XSS. This issue affects JoomUnited: from n/a through 1.3.3...
CVE-2024-22148
WP Smart Editor JoomUnited plugin (WordPress) <= 1.3.3 is vulnerable to Reflected XSS due to improper input neutralization and insufficient output escaping. Affected versions:
WordPress WP Smart Editor Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)
Software: WP Smart Editor
Type: Plugin
Vulnerable versions: = 1.3.3
Fixed in: N/A
OWASP Top 10: A3: Injection
Classification: Cross Site Scripting (XSS)
CVE: CVE-2024-22148
Patch priority: Medium
CVSS severity: Medium 7.1
PSID: 283e36beca35
Credits: Dimas Maulana
Required privilege...
Piwigo <= 2.10.2 Multiple XSS Vulnerabilities
Piwigo is prone to multiple cross-site scripting (XSS) vulnerabilities. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Yokogawa CENTUM and Exaopc Improper Neutralization of Special Elements Used in an OS Command (CVE-2022-22148)
'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc...
CVE-2022-22148
creationtimestamp | type | source
---|---|---
2022-03-11 12:14:50+00:00 | seen | https://t.me/cibsecurity/38777
...
CVE-2022-22148
CVE-2022-22148 affects Yokogawa CENTUM CS 3000 (R3.08.10–R3.09.00), CENTUM VP (R4.01.00–R4.03.00, R5.01.00–R5.04.20, R6.01.00–R6.08.00), and Exaopc (R3.72.00–R3.79.00). Root Service creates a named pipe with improper ACLs, enabling OS command injection via a local attacker to run arbitrary progra...
CVE-2021-22148
Elastic Enterprise Search App Search prior to 7.14.0 is vulnerable due to API keys not being bound to the same engines as their creator, enabling a less-privileged user to access engines they should not reach. Red Hat and CVE mappings corroborate the issue. Affected product: Elastic Enterprise Se...
CVE-2020-22148
CVE-2020-22148 affects Piwigo 2.10.1. The vulnerability is a stored cross-site scripting (XSS) in /admin.php?page=tags that allows attackers to execute arbitrary web scripts or HTML. This is described across multiple sources in the connected documents. No remediation details are provided in the g...