6714 matches found

Positive Technologies
added 2022/11/09 12:0 a.m. · 4 views

PT-2022-5691 · Cisco · Cisco Firepower Management Center

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center (FMC) Software, affected versions not specified. Description: The issue is related to insufficient validation of user-supplied input by the web-based management interface, allowing an authenticated, remote attack...

CVSS: 4.9 · AI score: 6 · EPSS: 0.00446
Exploits: 0 · References: 4

Positive Technologies
added 2022/11/09 12:0 a.m. · 3 views

PT-2022-5696 · Cisco · Cisco Firepower Management Center

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center (FMC) Software, affected versions not specified. Description: The issue is related to insufficient validation of user-supplied input by the web-based management interface, allowing an authenticated, remote attack...

CVSS: 4.9 · AI score: 6.1 · EPSS: 0.00446
Exploits: 0 · References: 6

Positive Technologies
added 2022/11/09 12:0 a.m. · 3 views

PT-2022-26763 · Intelliants · Intelliants Subrion Cms

Name of the Vulnerable Software and Affected Versions: Intelliants Subrion CMS version 4.2.1. Description: A cross-site scripting (XSS) issue in the CMS Field Add page allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field. This enables...

CVSS: 6.1 · AI score: 6.1 · EPSS: 0.0058
Exploits: 1 · References: 7

Positive Technologies
added 2022/11/09 12:0 a.m. · 4 views

PT-2022-5690 · Cisco · Cisco Firepower Management Center

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center (FMC) Software, affected versions not specified. Description: The issue is related to insufficient validation of user-supplied input by the web-based management interface, allowing an authenticated, remote attack...

CVSS: 4.9 · AI score: 6.1 · EPSS: 0.00446
Exploits: 0 · References: 5

NVD
added 2022/11/08 10:15 p.m. · 24 views

CVE-2022-41205

SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application...

CVSS: 6.1 · EPSS: 0.00208
Exploits: 0 · References: 2

OSV
added 2022/11/08 7:15 p.m. · 1 view

CVE-2022-41136

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin = 5.12.0 on WordPress...

CVSS: 8.8 · AI score: 5.8 · EPSS: 0.00293
Exploits: 0 · References: 2

RedHat Linux
added 2022/11/08 9:30 a.m. · 14 views

redis: Code injection via Lua script execution environment

A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes with the potentially higher privileges of another Redis user...

CVSS: 7.8 · AI score: 7.1 · EPSS: 0.02189
Exploits: 1 · References: 5

CNNVD
added 2022/11/08 12:0 a.m. · 3 views

Canteen Management System cross-site scripting vulnerability

Canteen Management System is a cafeteria management system by individual developer Mayuri K. A security vulnerability exists in Canteen Management System v1.0 that allows attackers to execute arbitrary web script or HTML via a crafted payload...

CVSS: 5.4 · AI score: 6.1 · EPSS: 0.00949
Exploits: 2 · References: 5

CVE
added 2022/11/08 12:0 a.m. · 67 views

CVE-2022-41205

Technical details (affected products/versions/root cause/mitigation/patch specifics) are not publicly provided in the connected documents. Monitor for updates from SAP and security advisories.

CVSS: 6.1 · AI score: 6.3 · EPSS: 0.00208
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2022/11/08 12:0 a.m. · 3 views

PT-2022-25728 · Sap · Sap Gui

Name of the Vulnerable Software and Affected Versions: SAP GUI, affected versions not specified. Description: The issue allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries, which can cause a limited impact ...

CVSS: 6.1 · AI score: 6.2 · EPSS: 0.00208
Exploits: 0 · References: 7

Cvelist
added 2022/11/08 12:0 a.m. · 24 views

CVE-2022-41205

SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application...

CVSS: 5.5 · AI score: 6.6 · EPSS: 0.00208
Exploits: 0 · References: 2

ATTACKERKB
added 2022/11/07 3:15 p.m. · 3 views

CVE-2022-43317

A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS: 6.1 · AI score: 5.9 · EPSS: 0.00473
Exploits: 1 · References: 2

Positive Technologies
added 2022/11/07 12:0 a.m. · 2 views

PT-2022-26843 · Unknown · Human Resource Management System

Name of the Vulnerable Software and Affected Versions: Human Resource Management System version 1.0. Description: A cross-site scripting (XSS) issue in the "/hrm/index.php?msg" API endpoint allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Recommendations: For Human...

CVSS: 6.1 · AI score: 6.1 · EPSS: 0.00473
Exploits: 1 · References: 4

CNNVD
added 2022/11/04 12:0 a.m. · 3 views

Cisco Umbrella cross-site scripting vulnerability

Cisco Umbrella is a suite of cloud security platforms from Cisco. The platform prevents cyber threats such as phishing, malware and ransomware. Cisco Umbrella suffers from a cross-site scripting vulnerability that originates from unprocessed user input, which could allow an authenticated, remote...

CVSS: 5.4 · AI score: 6 · EPSS: 0.00425
Exploits: 0 · References: 3

Vulnrichment
added 2022/11/03 12:0 a.m. · 5 views

CVE-2022-41435

OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments...

AI score: 5.9 · EPSS: 0.00473
Exploits: 1 · References: 2

Vulnrichment
added 2022/11/01 12:0 a.m. · 6 views

CVE-2022-43076

A cross-site scripting (XSS) vulnerability in /admin/edit-admin.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtemail parameter...

AI score: 5.8 · EPSS: 0.00457
Exploits: 1 · References: 1

Vulnrichment
added 2022/10/31 12:0 a.m. · 6 views

CVE-2022-40487

ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...

AI score: 6.3 · EPSS: 0.00406
Exploits: 0 · References: 2

Mageia
added 2022/10/28 11:32 p.m. · 45 views

Updated libreoffice packages fix security vulnerability

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

CVSS: 6.3 · AI score: 1.8 · EPSS: 0.04354
Exploits: 0 · References: 4

OSV
added 2022/10/28 11:32 p.m. · 4 views

MGASA-2022-0400 Updated libreoffice packages fix security vulnerability

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

CVSS: 6.3 · AI score: 7.2 · EPSS: 0.04354
Exploits: 0 · References: 5

Vulnrichment
added 2022/10/28 12:0 a.m. · 6 views

CVE-2022-43170

A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature index.php?module=dashboardconfigure/index of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Ad...

AI score: 5.2 · EPSS: 0.00874
Exploits: 1 · References: 1