5 matches found
CVE-2022-31795
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 Control Center devices before 8.1A SP02 P04. The vulnerability resides in the grelfinfo function in grel.php. An attacker is able to influence the username user, password pw, and file-name file parameters and inject special characters...
OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)
Summary: Lack of CSRF protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can contain arbitrary Clojure or Python code. The attacker must know a valid project ID of a project that contains...
GHSA-3JM4-C6QF-JRH3 OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)
Summary: Lack of CSRF protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can contain arbitrary Clojure or Python code. The attacker must know a valid project ID of a project that contains...
CVE-2022-31795
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 Control Center devices before 8.1A SP02 P04. The vulnerability resides in the grelfinfo function in grel.php. An attacker is able to influence the username user, password pw, and file-name file parameters and inject special characters...
Fujitsu ETERNUS CentricStor CS8000 operating system command injection vulnerability
The Fujitsu ETERNUS CentricStor CS8000 is a unified backup and archiving platform from Fujitsu, Japan, for mainframe and open systems backup, archiving, secondary and object storage. A security vulnerability exists in Fujitsu ETERNUS CentricStor CS8000 version 8.1A SP02 P04, which can be injected...