Design/Logic Flaw
A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit...
CVE-2022-4322 maku-boot Scheduled Task AbstractScheduleJob.java doExecute injection
A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit...
PT-2022-26797 · Maku-Boot · Maku-Boot
Name of the Vulnerable Software and Affected Versions: maku-boot versions up to 2.2.0 Description: A critical issue was found in the Scheduled Task Handler component, affecting the doExecute function of the AbstractScheduleJob.java file. This leads to injection and can be initiated remotely. The...
CVE-2022-4300
A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some unknown processing of the file /template/edit of the component Template Handler. The manipulation leads to injection. The attack may be initiated remotely. The exploit has been disclosed to the public and...
PT-2022-26701 · Fastcms · Fastcms
Name of the Vulnerable Software and Affected Versions: FastCMS affected versions not specified Description: A critical issue affects the Template Handler component, specifically the /template/edit file, leading to injection when manipulated. This issue can be initiated remotely. Recommendations: ...
DEBIAN-CVE-2022-43497
Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7...
Cross site scripting
Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7...
CVE-2022-4282
CVE-2022-4282 affects SpringBootCMS, specifically the Template Management component. The issue is described as a remote injection vulnerability arising from manipulation of an unknown functionality, with exploitation possible over the network and high impact on confidentiality, integrity, and ava...
CVE-2022-4278
A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The...
CVE-2022-43707
MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) that allows remote attackers to inject HTML via user input or stored data...
UBUNTU-CVE-2022-4064
A vulnerability was found in Dalli up to 3.2.2. It has been classified as problematic. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation of the argument cas/ttl leads to injection. It is possible ...
CVE-2022-4064 Dalli Meta Protocol request_formatter.rb self.meta_set injection
A vulnerability was found in Dalli up to 3.2.2. It has been classified as problematic. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation of the argument cas/ttl leads to injection. It is possible ...
Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module
A Cross-site scripting (XSS) vulnerability in the Portal Search module before 6.0.12 from Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the tag...
PT-2022-25149 · Unknown · Monikabrzica Scm
Name of the Vulnerable Software and Affected Versions: MonikaBrzica scm affected versions not specified Description: A critical issue has been found in MonikaBrzica scm, affecting some unknown functionality of the file upis u bazu.php. The manipulation of the email, lozinka, ime, or id arguments...
PT-2022-7392 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.4 Description: The issue is related to improper input validation in the GLPI system, which can be exploited by a remote attacker to impact the system's integrity. Users may be able to inject custom field values in...
CVE-2022-3798
A vulnerability classified as critical has been found in IBAX go-ibax. Affected is an unknown function of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-2126...
jQuery UI Cross-site Scripting (CVE-2016-7103)
A cross-site scripting vulnerability exists in jQuery UI. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
CVE-2016-20017
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022...
CVE-2022-42112
A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted paylo...
The vulnerability of the CERT/CC VINCE software coordination mechanism lies in its lack of measures to neutralize special elements, allowing attackers to inject arbitrary HTML code.
The vulnerability of the CERT/CC VINCE software coordination mechanism exists due to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to inject arbitrary HTML code remotely, using the “Product Affected” field...