CVE-2022-4730 Graphite Web Absolute Time Range cross site scripting
A vulnerability was found in Graphite Web. It has been classified as problematic. Affected is an unknown function of the component Absolute Time Range Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...
CVE-2022-4728 Graphite Web Cookie cross site scripting
A vulnerability has been found in Graphite Web and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
PT-2022-27933 · D Link · D-Link Dir-846
Name of the Vulnerable Software and Affected Versions: D-Link DIR-846 version A1 FW100A43 Description: A command injection issue was discovered via the auto upgrade hour parameter in the SetAutoUpgradeInfo function. This allows for potential exploitation. No information is provided about the...
CVE-2021-4263 leanote history.js define cross site scripting
A vulnerability, which was classified as problematic, has been found in leanote 2.6.1. This issue affects the function define of the file public/js/plugins/history.js. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely. The identifier of t...
PT-2022-27734 · Unknown · Usememos/Memos
Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.0 Description: The issue is related to stored Cross-site Scripting (XSS) in the usememos/memos GitHub repository. This allows for malicious scripts to be stored and executed on the platform. A patch is...
CVE-2020-36617
A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftpparsepath of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name...
PT-2022-27716 · Shoplazza · Shoplazza Lifestyle
Name of the Vulnerable Software and Affected Versions: Shoplazza LifeStyle version 1.1 Description: A vulnerability was found in the component Shipping/Member Discount/Icon, affecting unknown code of the file /admin/api/theme-edit/. The manipulation leads to cross site scripting. The attack can b...
CVE-2022-4595 django-openipam exposed_hosts.html cross site scripting
A vulnerability classified as problematic has been found in django-openipam. This affects an unknown part of the file openipam/report/templates/report/exposed_hosts.html. The manipulation of the argument description leads to cross site scripting. It is possible to initiate the attack remotely. The...
CVE-2022-4586 Opencaching Deutschland oc-server3 Cachelist cachelists.tpl cross site scripting
A vulnerability classified as problematic was found in Opencaching Deutschland oc-server3. This vulnerability affects unknown code of the file htdocs/templates2/ocstyle/cachelists.tpl of the component Cachelist Handler. The manipulation of the argument namefilter/byfilter leads to cross site...
CVE-2022-41972 Contiki-NG contains NULL Pointer Dereference in BLE L2CAP module
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 contain a NULL Pointer Dereference in BLE L2CAP module. The Contiki-NG operating system for IoT devices contains a Bluetooth Low Energy stack. An attacker can inject a packet in th...
CVE-2022-4566 y_project RuoYi GenController sql injection
A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. This issue affects some unknown processing of the file com/ruoyi/generator/controller/GenController. The manipulation leads to sql injection. The name of the patch is 167970e5c4da7bb46217f576dc50622b83f32b4...
CVE-2022-4558 Alinto SOGo Folder/Mail NSString+Utilities.m cross site scripting
A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack...
UBUNTU-CVE-2022-23515
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1...
Information disclosure
TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers coul...
PT-2022-27320 · D Link · D-Link Dir-3040
Name of the Vulnerable Software and Affected Versions: D-Link DIR-3040 version 120B03 Description: A command injection issue was discovered in the D-Link DIR-3040 device. The vulnerability is related to the SetTriggerLEDBlink function, which allows for command injection. Recommendations: For D-Li...
CVE-2022-4456 falling-fruit cross site scripting
A vulnerability has been found in falling-fruit and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 15adb8e1ea1f1c3e3d152fc266071f621ef0c621. It is recommended to app...
CVE-2022-4455 sproctor php-calendar index.php cross site scripting
A vulnerability was identified in sproctor php-calendar up to 2.0.13. This impacts an unknown function of the file index.php. Such manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be launched remotely. The name of the patch is...
PT-2022-27447 · Dragino · Dragino Lora Lg01
Name of the Vulnerable Software and Affected Versions: Dragino Lora LG01 18ed40 IoT version 4.3.4 Description: A Cross-Site Request Forgery issue was discovered in the logout page of the affected software. Recommendations: For Dragino Lora LG01 18ed40 IoT version 4.3.4, consider disabling the...
PT-2022-36432 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.225 Description: The issue is related to memory leaks in the napi_get_frags function. It was introduced in version v4.15 and fixed in version v5.4.225. The actual impact and attack plausibility have not yet...
PT-2022-27546 · Tenda · Tenda W6-S
Name of the Vulnerable Software and Affected Versions: Tenda W6-S version 1.0.0.4510 Description: The issue affects the component tpi systool handle0 and is related to the API endpoint /goform/SysToolRestoreSet. This allows unauthenticated attackers to arbitrarily reboot the device...