2005 matches found
Stored XSS in kiwiTCMS
Description Stored XSS, also known as persistent XSS, is the more damaging form of XSS. It occurs when a malicious script is injected directly into a vulnerable web application. Due to a sanitization problem it is possible to perform a Stored XSS. The problem is that the upload function permit...
GHSA-V42F-HQ78-8C5M Denial of service in Mattermost
A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints, which could fetch a large amount of data...
Denial of service
A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints, which could fetch a large amount of data...
CVE-2022-4045
CVE-2022-4045 describes a denial of service in Mattermost Server: an authenticated user can crash the server by sending multiple requests to an API endpoint that may fetch a large amount of data. The Nessus entry confirms that an authenticated, remote attacker can crash the server. Impact is limited t...
PT-2022-8678 · Optilink · Optilink Op-Xt71000N
Name of the Vulnerable Software and Affected Versions: OPTILINK OP-XT71000N version V2.2, Firmware Version: OP V3.3.1-191028 Description: A remote attacker can conduct a cross-site request forgery (CSRF) attack due to insufficient CSRF protections for the "mgm config file.asp" file. This allows an...
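The Optilink entry says the configuration page lacks CSRF protection but is cut off before any detail. The block below is an added example, not Optilink firmware code, of the synchronizer-token check a state-changing form handler needs: a token bound to the session with an HMAC, verified from the form body (never from a cookie, which the browser sends automatically), plus an Origin check as defence in depth. `SECRET_KEY`, `DEVICE_ORIGIN`, the request shape and the form fields are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-server secret kept outside any page; generated at start-up here.
SECRET_KEY = secrets.token_bytes(32)
DEVICE_ORIGIN = "https://device.local"   # assumption: the interface's own origin


def issue_csrf_token(session_id):
    """Return a token bound to the caller's session: nonce.HMAC(secret, nonce:session)."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SECRET_KEY, f"{nonce}:{session_id}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id, token):
    """Recompute the MAC for this session and compare in constant time."""
    nonce, sep, mac = token.partition(".")
    if not sep:
        return False
    expected = hmac.new(SECRET_KEY, f"{nonce}:{session_id}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def apply_config(form):
    # Stand-in for writing the device configuration; returns an HTTP status.
    return 200


def save_config_vulnerable(request):
    # Vulnerable pattern: the session cookie alone authorises the change. A form on an
    # attacker's page, auto-submitted by the victim's browser, carries that cookie too,
    # so the attacker's values are written.
    session_id = request["cookies"].get("session")
    if session_id is None:
        return 401
    return apply_config(request["form"])


def save_config_hardened(request):
    # Hardened: the token must come from the form body, which a cross-site form cannot
    # fill in, and must verify against this session. When the browser sends an Origin
    # header it must also be the interface's own origin.
    session_id = request["cookies"].get("session")
    if session_id is None:
        return 401
    if not verify_csrf_token(session_id, request["form"].get("csrf_token", "")):
        return 403
    origin = request["headers"].get("Origin")
    if origin is not None and origin != DEVICE_ORIGIN:
        return 403
    return apply_config(request["form"])


def forged_request(session_id):
    # Constructed: what arrives when a victim with a live session visits an attacker's page.
    return {
        "cookies": {"session": session_id},
        "headers": {"Origin": "https://attacker.example"},
        "form": {"dns_server": "203.0.113.1"},
    }


def legitimate_request(session_id):
    # Constructed: the same form submitted from the interface itself, token included.
    return {
        "cookies": {"session": session_id},
        "headers": {"Origin": DEVICE_ORIGIN},
        "form": {"dns_server": "198.51.100.53", "csrf_token": issue_csrf_token(session_id)},
    }
```

Marking the session cookie `SameSite=Lax` or `Strict` blocks most cross-site form posts as well, but the token check is what still holds when a browser does not enforce SameSite or when the request is same-site but cross-origin.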
CVE-2022-3589
An API endpoint used by Miele's "AppWash" mobile app in all versions was vulnerable to an authorization bypass. A low-privileged, remote attacker would have been able to gain read and partial write access to other users' data by modifying a small part of an HTTP request sent to the API. Reading or...
CVE-2022-3589 Miele: Vulnerability in cloud service used by appWash
An API endpoint used by Miele's "AppWash" mobile app in all versions was vulnerable to an authorization bypass. A low-privileged, remote attacker would have been able to gain read and partial write access to other users' data by modifying a small part of an HTTP request sent to the API. Reading or...
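"Modifying a small part of an HTTP request" to reach another user's data is the signature of a missing object-level authorization check: the endpoint authenticates the caller but then trusts a client-supplied identifier to pick the record. The block below is an added illustration of that pattern and its fix, not Miele's code; the record store, session table, and request shape are constructed for the example.

```python
# Constructed sample data: two users' records and their session tokens.
RECORDS = {
    "u1": {"balance": 10, "address": "alice street"},
    "u2": {"balance": 20, "address": "bob lane"},
}
SESSIONS = {"token-alice": "u1", "token-bob": "u2"}


def authenticate(request):
    """Map the bearer token to a user id, or refuse the request."""
    caller = SESSIONS.get(request["token"])
    if caller is None:
        raise PermissionError("unauthenticated")
    return caller


def get_profile_vulnerable(request):
    # Vulnerable: the caller is authenticated, but the record is selected by the
    # user_id the client put in the body. Changing that one field reads anyone's data.
    authenticate(request)
    return RECORDS[request["body"]["user_id"]]


def get_profile_hardened(request):
    # Hardened: identity comes only from the server-side session. A client-supplied
    # user_id is tolerated only when it names the caller; anything else is refused
    # with a generic error so the endpoint does not confirm which ids exist.
    caller = authenticate(request)
    if request["body"].get("user_id", caller) != caller:
        raise PermissionError("forbidden")
    return RECORDS[caller]


def update_address_hardened(request, new_address):
    # The same rule for the write path: the target record is always the caller's own.
    caller = authenticate(request)
    if request["body"].get("user_id", caller) != caller:
        raise PermissionError("forbidden")
    RECORDS[caller]["address"] = new_address
    return RECORDS[caller]
```

The check has to be applied per object on every read and write handler; a global "is logged in" gate, which both versions above pass, is what the vulnerable handler already had.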
CVE-2022-45132
In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through a user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...
DEBIAN-CVE-2022-45132
In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through a user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...
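The root cause in the CVE-2022-45132 entries is that user text becomes Jinja2 template *source*, so any `{{ }}` expression in it is evaluated server-side. The block below is an added example, not LAVA's code, showing that behaviour on a constructed input and two ways a "validate this template" endpoint can avoid it. It assumes the `jinja2` package is installed; which fix LAVA 2022.11.1 actually applied is not stated on this page.

```python
from jinja2 import Environment, TemplateSyntaxError
from jinja2.sandbox import ImmutableSandboxedEnvironment, SecurityError

# Constructed sample submission: a "device configuration" whose second expression
# walks from a string literal to Python class objects, the usual first step of an
# SSTI chain.
USER_TEMPLATE = "{{ 7 * 7 }} {{ ''.__class__.mro() }}"


def validate_unsafe(text):
    # Vulnerable pattern: the submitted text is compiled and rendered as a template.
    # Expressions run with ordinary Python attribute access, so the caller can
    # reach far beyond the render context.
    return Environment().from_string(text).render()


def validate_parse_only(text):
    # Safer: a syntax check needs no execution. parse() builds the AST and raises
    # TemplateSyntaxError on malformed input; no expression is ever evaluated.
    try:
        Environment().parse(text)
        return True
    except TemplateSyntaxError:
        return False


def validate_sandboxed(text):
    # If rendering is unavoidable, ImmutableSandboxedEnvironment refuses access to
    # underscore-prefixed and other internal attributes and raises SecurityError.
    # Sandbox escapes have been found before, so treat this as a second layer,
    # not a substitute for parse-only validation.
    env = ImmutableSandboxedEnvironment()
    try:
        return env.from_string(text).render()
    except SecurityError:
        return None
```

Rendering a submitted template with a *trusted* template and the submission passed in as a variable (`env.get_template("config.jinja").render(cfg=text)`) is the other correct shape: data stays data.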
CVE-2022-20925
A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for...
Input validation
A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for...
CVE-2022-20926
A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for...
PT-2022-25867 · Unknown · Eyesofnetwork Web Interface
Name of the Vulnerable Software and Affected Versions: EyesOfNetwork Web Interface version 5.3 Description: A reflected cross-site scripting (XSS) issue was found in the EyesOfNetwork Web Interface, specifically via the "module/admin bp/add application.php" API endpoint. This issue can be exploited...
PT-2022-25868 · Unknown · Eyesofnetwork Web Interface
Name of the Vulnerable Software and Affected Versions: EyesOfNetwork Web Interface version 5.3 Description: A reflected cross-site scripting (XSS) issue was found in the EyesOfNetwork Web Interface. The issue is related to the /lilac/main.php API endpoint. Recommendations: For EyesOfNetwork Web...
PT-2022-25866 · Unknown · Eyesofnetwork Web Interface
Name of the Vulnerable Software and Affected Versions: EyesOfNetwork Web Interface version 5.3 Description: A reflected cross-site scripting (XSS) issue was found in the EyesOfNetwork Web Interface. The issue is related to the "/module/report event/index.php" API endpoint. Recommendations: For...
PT-2022-11212 · Unknown · Perfex Crm
Name of the Vulnerable Software and Affected Versions: perfex crm version 1.10 Description: The issue is related to cross-site scripting (XSS) that can be exploited via the "/clients/profile" API endpoint. This allows for potential malicious script injection. Recommendations: For perfex crm version...
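The kiwiTCMS, EyesOfNetwork and Perfex CRM entries above are all the same defect at the output stage: a parameter (reflected from the request, or stored earlier via an upload or profile form) is written into the page without escaping for the context it lands in. The block below is an added example, not code from any of those projects, showing the vulnerable and hardened renderers side by side, including the URL-attribute case where HTML escaping alone is not enough. The field names and inputs are constructed.

```python
import html

SAFE_SCHEMES = ("http://", "https://")   # assumption: only web links are wanted here


def render_profile_vulnerable(name, website):
    # Vulnerable: untrusted values pasted straight into markup. Whether they came
    # from the query string (reflected) or from the database (stored) changes the
    # delivery, not the sink.
    return f'<h1>{name}</h1><a href="{website}">site</a>'


def safe_url(website):
    """Allow only absolute http(s) URLs; anything else degrades to an inert link."""
    if not website.lower().startswith(SAFE_SCHEMES):
        return "#"
    return html.escape(website, quote=True)


def render_profile_hardened(name, website):
    # Hardened: html.escape handles the text context (<, >, &, quotes). For the
    # href attribute the value must also be a URL with an allowed scheme, or
    # "javascript:" survives escaping untouched and still runs on click.
    return f'<h1>{html.escape(name, quote=True)}</h1><a href="{safe_url(website)}">site</a>'


def looks_like_script_injection(rendered):
    """Crude check used here to show the difference: does a raw tag or JS URL survive?"""
    lowered = rendered.lower()
    return "<script" in lowered or 'href="javascript:' in lowered
```

Escaping at output is the fix; input "sanitization" that strips a blocklist of tags (the pattern the kiwiTCMS snippet hints at) tends to miss attribute and URL contexts and is easily bypassed.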
PT-2022-5970 · Red Hat · Red Hat Advanced Cluster Management For Kubernetes +1
Name of the Vulnerable Software and Affected Versions: Red Hat Advanced Cluster Management for Kubernetes (RHACM), affected versions not specified; Red Hat Advanced Cluster Security (RHACS) for Kubernetes, affected versions not specified Description: The issue is related to a Server-Side Request Forgery...
PT-2022-26852 · Unknown · Canteen Management System
Name of the Vulnerable Software and Affected Versions: Canteen Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/print.php" API endpoint. Recommendations: For Canteen Management Syste...
PT-2022-26766 · Unknown · Online Diagnostic Lab Management System
Name of the Vulnerable Software and Affected Versions: Online Diagnostic Lab Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/admin/tests/manage test.php" API endpoint...
PT-2022-26765 · Unknown · Online Diagnostic Lab Management System
Name of the Vulnerable Software and Affected Versions: Online Diagnostic Lab Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/appointments/manage appointment.php" API endpoint...
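The three PT-2022 entries above (Canteen Management System and the two Online Diagnostic Lab Management System endpoints) share one flaw: an `id` query parameter concatenated into SQL. The block below is an added example, not code from those applications, that reproduces the flaw against a constructed SQLite table and shows the parameterized, type-checked replacement. The table, rows and payloads are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the application's table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE appointment (id INTEGER PRIMARY KEY, patient TEXT, notes TEXT)")
    con.executemany(
        "INSERT INTO appointment VALUES (?, ?, ?)",
        [(1, "alice", "private-1"), (2, "bob", "private-2"), (3, "carol", "private-3")],
    )
    return con


def manage_vulnerable(con, raw_id):
    # Vulnerable pattern: the id parameter is spliced into the statement, so the
    # caller controls the WHERE clause (and, via UNION, which columns come back).
    return con.execute(f"SELECT patient FROM appointment WHERE id = {raw_id}").fetchall()


def manage_hardened(con, raw_id):
    # Hardened: enforce the expected type first, then bind. A bound value is sent
    # to the engine as data and can never alter the statement's structure; the
    # int() check additionally rejects junk before any query is built.
    try:
        appointment_id = int(raw_id)
    except (TypeError, ValueError):
        raise ValueError("id must be an integer")
    return con.execute(
        "SELECT patient FROM appointment WHERE id = ?", (appointment_id,)
    ).fetchall()


def flatten(rows):
    """Helper for readable comparisons: [("bob",)] -> ["bob"]."""
    return [r[0] for r in rows]
```

Binding is the fix for every parameter, not only `id`; for identifiers that cannot be bound (table or column names chosen by the user) map them through an allowlist instead.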