CVE-2022-39800

SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited...

Design/Logic Flaw

SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited...

CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

Design/Logic Flaw

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

UBUNTU-CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

bingo!CMS vulnerable to authentication bypass

Overview bingo!CMS provided by Shift Tech Inc. contains an authentication bypass vulnerability CWE-288 in some of the management functions. Shift Tech Inc. states that attacks exploiting this vulnerability have been observed. Shift Tech Inc. reported this vulnerability to IPA to notify users of i...

VulnCheck KEV: CVE-2022-42458

Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered...

LibreOffice 参数注入漏洞

LibreOffice is an open source office software suite from The Document Foundation tdf. The product includes the Writer text documents, Calc spreadsheets and Impress presentations applications. A security vulnerability exists in The Document Foundation LibreOffice versions 7.3 through 7.3.6 and 7.4...

CVE-2022-39800

CVE-2022-39800 - SAP BusinessObjects BI LaunchPad affects SAP BusinessObjects BI LaunchPad versions 420 and 430. The issue is a script execution vulnerability caused by improper sanitization of user inputs during network interaction, exploitable by an unauthenticated attacker to view or modify in...

CVE-2022-3140 Macro URL arbitrary script execution

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

PT-2022-24998 · Sap · Sap Businessobjects Bi Launchpad

Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects BI LaunchPad versions 420, 430 Description: The issue is related to improper sanitization of user inputs, allowing an unauthenticated attacker to execute scripts. This can lead to viewing or modifying information, causing ...

CVE-2022-3140

CVE-2022-3140 affects The Document Foundation LibreOffice: 7.4.x before 7.4.1 and 7.3.x before 7.3.6. Root cause is insufficient validation of the vnd.libreoffice.command URI scheme, which could be used to call internal macros with arbitrary arguments. When a user clicks the crafted link or a doc...

CVE-2022-39800

SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited...

CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

Total Avengers Totaljs Framework 跨站脚本漏洞

Total Avengers Totaljs Framework is a Javascript-based codebase for building web, desktop, service or IoT applications from Total Avengers Slovakia. The application is similar to PHPs Laravel, Pythons Django, ASP.NET MVC for building Node applications. Total Avengers A security vulnerability exis...

Cross site scripting

A cross-site scripting XSS vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the ServiceTemplates servicealias parameter...

CVE-2022-42247

pfSense v2.5.2 contains a cross-site scripting (XSS) vulnerability in the browser.php component, allowing arbitrary web scripts or HTML to be executed via a crafted payload injected into a file name. The issue is documented in several sources (e.g., NVD, Red Hat, OSV, CVE lists). Connected docume...

UBUNTU-CVE-2022-2628

The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

BookStack 跨站脚本漏洞

BookStack is a simple, self-hosted, easy-to-use platform from BookStack, Inc. for organizing and storing information. A cross-site scripting vulnerability exists in versions prior to BookStack v22.09. An attacker can exploit this vulnerability to execute arbitrary script on a user's web browser...