32 matches found
EUVD-2022-46695
Malicious code in bioql PyPI...
EUVD-2022-46693
Malicious code in bioql PyPI...
EUVD-2022-46692
Malicious code in bioql PyPI...
EUVD-2022-46694
Malicious code in bioql PyPI...
CVE-2022-43712
POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for users that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965...
CVE-2022-43711
Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks (XSS) because the CSP header uses eval in the script-src...
CVE-2022-43710
Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of all input fields...
CVE-2022-43713
Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed...
CVE-2022-43713
Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed...
CVE-2022-43712
POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for users that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965...
CVE-2022-43713
Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed...
CVE-2022-43713
Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed...
CVE-2022-43710
Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of all input fields...
CVE-2022-43712
POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for users that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965...
Cross site request forgery (csrf)
Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of all input fields...
Cross site scripting
Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks (XSS) because the CSP header uses eval in the script-src...
Design/Logic Flaw
POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for users that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965...
GX Software XperienCentral Security Vulnerability
GX Software XperienCentral is a CMS from GX Software. A security vulnerability exists in GX Software XperienCentral version 10.36.0 and prior versions, which stems from a vulnerability that allows an unauthorized attacker to bypass security filters and place unauthorized data on the server...
GX Software XperienCentral Cross-Site Scripting Vulnerability
GX Software XperienCentral is a CMS from GX Software. A security vulnerability exists in GX Software XperienCentral versions 10.29.1 through 10.33.0, which stems from the use of the eval function in script-src, resulting in a cross-site scripting (XSS) vulnerability...
CVE-2022-43712
GX Software XperienCentral 10.36.0 and earlier is affected by CVE-2022-22965 (Spring4Shell) via data binding in Spring MVC/WebFlux on Java 9+. An attacker able to reach a vulnerable WAR/deployed app could achieve remote code execution. Root cause: unsafe data binding in Spring Framework modules; ...