3948 matches found
CVE-2022-28478
SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The "Remove file" functionality inside the "Log files management" menu does not sanitize user input allowing attackers with admin privileges to delete arbitrary files on the remote system...
Google Android Permissions and Access Control Vulnerability
Google Android is a Linux-based open-source operating system from the U.S. company Google. Google Android has an elevation of privilege vulnerability that originates in onCreateContextMenu in NetworkProviderSettings.java. Due to a lack of privilege checking, a non-owner user could change...
CVE-2022-30481
Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Injection in categorywise-menu.php via the catid parameters...
Food-order-and-table-reservation-system SQL Injection Vulnerability
Food-order-and-table-reservation-system enables users to order food online and reserve a table for dine-in if there is no delivery option. Food-order-and-table-reservation-system version 1.0 is vulnerable to an SQL injection vulnerability that originates in the categorywise-menu.php page wher...
PT-2022-20137 · Unknown · Food-Order-And-Table-Reservation-System
Name of the Vulnerable Software and Affected Versions: Food-order-and-table-reservation-system- version 1.0 Description: The issue concerns a SQL Injection vulnerability in the categorywise-menu.php file, specifically via the catid parameter. This allows for potential exploitation. Recommendation...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the getFileEntryTypeMenuItem function. An attacker can execute arbitrary web scripts or inject HTML by supplying crafted input. Details: Cross-site scripting or XSS is a code vulnerability that occurs when an...
GHSA-RGF6-9Q7G-55QG Typo3 Function Menu API XSS Vulnerability
Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
Typo3 Function Menu API XSS Vulnerability
Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
GeniXCMS Cross-site Scripting (XSS) via the Menu ID field
In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request...
GHSA-3C7G-P9JX-8CGM GeniXCMS Cross-site Scripting (XSS) via the Menu ID field
In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request...
CVE-2022-28930
ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml...
ERP-Pro SQL Injection Vulnerability
ERP-Pro is a software based on SpringBoot 2.X framework, which aspires to build ERP+Production functionality that can be integrated and used with multiple systems such as OA, CRM, Knowledgebase and so on. A security vulnerability exists in ERP-Pro version 3.7.5, which can be exploited by an...
GeniXCMS Cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu...
GHSA-478J-MCRR-3877 GeniXCMS Cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu...
GHSA-FX2M-5M9V-JHGP XSS in baserCMS before 4.1.4
An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the dataUploaderCategoryname parameter to an admin/uploader/uploadercategories/edit URI...
XSS in baserCMS before 4.1.4
An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the dataUploaderCategoryname parameter to an admin/uploader/uploadercategories/edit URI...
CVE-2022-0625
The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...