Lucene search

6727 matches found

Tenable Nessus
added 2022/09/06 12:0 a.m. · 42 views

Amazon Linux 2022 : redis6, redis6-devel (ALAS2022-2022-115)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-115 advisory. A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes the...

CVSS 7.8 · AI score 6.4 · EPSS 0.02189 · Exploits 2 · References 5

Japan Vulnerability Notes
added 2022/09/02 12:0 a.m. · 40 views

JVN#76024879: PowerCMS XMLRPC API vulnerable to command injection

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability CWE-74. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. According to the developer,...

CVSS 9.8 · AI score 9.7 · EPSS 0.01688 · Exploits 0

Positive Technologies
added 2022/08/30 12:0 a.m. · 3 views

PT-2022-23601 · Unknown · Picuploader

Name of the Vulnerable Software and Affected Versions: PicUploader version 2.6.3 Description: A cross-site scripting XSS issue was found in the /master/index.php component of PicUploader. This allows for potential malicious script execution. Recommendations: For PicUploader version 2.6.3, conside...

CVSS 6.1 · AI score 6 · EPSS 0.00367 · Exploits 1 · References 4

Kitploit
added 2022/08/28 12:30 p.m. · 44 views

Toxssin - An XSS Exploitation Command-Line Interface And Payload Generator

toxssin is an open-source penetration testing tool that automates the process of exploiting Cross-Site Scripting XSS vulnerabilities. It consists of an https server that works as an interpreter for the traffic generated by the malicious JavaScript payload that powers this tool toxin.js. This...

AI score 5.7 · Exploits 0 · References 4

ATTACKERKB
added 2022/08/25 7:15 p.m. · 1 views

CVE-2022-36527

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module...

CVSS 5.4 · AI score 6.3 · EPSS 0.00413 · Exploits 1 · References 2

Cvelist
added 2022/08/25 6:46 p.m. · 16 views

CVE-2022-36527

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module...

AI score 6 · EPSS 0.00413 · Exploits 1 · References 1

NVD
added 2022/08/24 9:15 a.m. · 18 views

CVE-2022-38078

Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and...

CVSS 9.8 · EPSS 0.01854 · Exploits 0 · References 2

UbuntuCve
added 2022/08/24 9:15 a.m. · 51 views

CVE-2022-38078

Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and...

CVSS 9.8 · AI score 7.3 · EPSS 0.01854 · Exploits 0 · References 3

Japan Vulnerability Notes
added 2022/08/24 6:58 a.m. · 4 views

Movable Type XMLRPC API vulnerable to command injection

Overview Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability CWE-74. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. According...

CVSS 9.8 · AI score 7.8 · EPSS 0.01854 · Exploits 0 · References 8

GithubExploit
added 2022/08/23 6:57 p.m. · 359 views

Exploit for Incorrect Authorization in Polkit_Project Polkit

XDR-LabSetup.sh Description This program is used in conjun...

CVSS 7.8 · AI score 8.2 · EPSS 0.22193 · Exploits 37

Zero Day Initiative
added 2022/08/18 12:0 a.m. · 44 views

Microsoft Windows Untrusted Script Execution Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing o...

CVSS 7.8 · AI score 2.8 · EPSS 0.01164 · Exploits 0 · References 1

OSV
added 2022/08/17 9:15 p.m. · 18 views

CVE-2022-35133

A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node...

CVSS 6.1 · AI score 5.7 · Exploits 0 · References 1

UbuntuCve
added 2022/08/17 9:15 p.m. · 27 views

CVE-2022-35133

A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node...

CVSS 6.1 · AI score 6.5 · EPSS 0.00421 · Exploits 0 · References 2

CNNVD
added 2022/08/04 12:0 a.m. · 3 views

Apache JSPWiki cross-site scripting vulnerability

Apache JSPWiki is an open source WikiWiki engine built on Java, Servlet and JSP from the Apache Foundation. Apache JSPWiki has a security vulnerability that stems from the fact that a carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability that an attacker could...

CVSS 6.1 · AI score 5.7 · EPSS 0.85727 · Exploits 0 · References 2

ATTACKERKB
added 2022/08/02 5:0 p.m. · 3 views

CVE-2022-30571

The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains easily exploitable Reflected Cross Site Scripting XSS vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's...

CVSS 8.1 · AI score 5.9 · EPSS 0.00418 · Exploits 0 · References 3

NVD
added 2022/08/02 3:15 p.m. · 7 views

CVE-2022-34618

A stored cross-site scripting XSS vulnerability in Mealie 1.0.0beta3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field...

CVSS 5.4 · EPSS 0.00675 · Exploits 1 · References 5

CNVD
added 2022/07/28 12:0 a.m. · 1 views

Mozilla Firefox Competitive Conditions Issue Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox, which stems from insufficient cleaning of user-supplied data, and can be exploited by remote attackers to execute arbitrary HTML and script code in a...

CVSS 5.3 · AI score 8.7 · EPSS 0.00493 · Exploits 0 · References 1

ATTACKERKB
added 2022/07/27 2:15 a.m. · 2 views

CVE-2022-34594

Advanced School Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the component ip/school/moudel/updatesubject.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Subject text...

CVSS 4.8 · AI score 6 · EPSS 0.00429 · Exploits 1 · References 2

Positive Technologies
added 2022/07/27 12:0 a.m. · 6 views

PT-2022-22243 · Unknown · Online Fire Reporting System

Name of the Vulnerable Software and Affected Versions: Online Fire Reporting System version 1.0 Description: A cross-site scripting XSS issue in the /index.php/?p=report endpoint of the Online Fire Reporting System allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 5.4 · AI score 5.3 · EPSS 0.00565 · Exploits 1 · References 8

Positive Technologies
added 2022/07/26 12:0 a.m. · 3 views

PT-2022-18223 · Unknown · Inmailx Outlook Plugin

Name of the Vulnerable Software and Affected Versions: InMailX Outlook Plugin versions prior to 3.22.0101 Description: The issue allows a local user or network administrator to execute HTML/Javascript in the Outlook of users due to unsanitized InMailX Connection names in the Outlook tab. This...

CVSS 5.4 · AI score 7.5 · EPSS 0.0059 · Exploits 0 · References 5