30 matches found
CVE-2022-37140
PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists in the reply ticket function, through uploading a malicious file. A calculator will open when the victim who downloaded the file opens the RTF file...
EUVD-2022-39790
Malicious code in bioql PyPI...
EUVD-2022-37889
Malicious code in bioql PyPI...
EUVD-2022-39793
Malicious code in bioql PyPI...
CVE-2022-37137
PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) when replying to a ticket. The XSS can be obtained by injecting a specially crafted payload into the "Message" field with the "description" parameter to gain Stored XSS. The XSS then will prompt after that or can be accessed from the vi...
CVE-2022-34991
Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters...
CVE-2022-37137
PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) when replying to a ticket. The XSS can be obtained by injecting a specially crafted payload into the "Message" field with the "description" parameter to gain Stored XSS. The XSS then will prompt after that or can be accessed from the vi...
CVE-2022-37137
PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) when replying to a ticket. The XSS can be obtained by injecting a specially crafted payload into the "Message" field with the "description" parameter to gain Stored XSS. The XSS then will prompt after that or can be accessed from the vi...
CVE-2022-37140
PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists in the reply ticket function, through uploading a malicious file. A calculator will open when the victim who downloaded the file opens the RTF file...
CVE-2022-37140
PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists in the reply ticket function, through uploading a malicious file. A calculator will open when the victim who downloaded the file opens the RTF file...
CVE-2022-37140
PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists in the reply ticket function, through uploading a malicious file. A calculator will open when the victim who downloaded the file opens the RTF file...
Remote code execution
PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists in the reply ticket function, through uploading a malicious file. A calculator will open when the victim who downloaded the file opens the RTF file...
Cross site scripting
PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) when replying to a ticket. The XSS can be obtained by injecting a specially crafted payload into the "Message" field with the "description" parameter to gain Stored XSS. The XSS then will prompt after that or can be accessed from the vi...
CVE-2022-37140
PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists in the reply ticket function, through uploading a malicious file. A calculator will open when the victim who downloaded the file opens the RTF file...
CVE-2022-37140
CVE-2022-37140 affects PayMoney 3.3. The vulnerability is a Client-Side Remote Code Execution (RCE) in the reply ticket function through uploading a malicious file; when an affected user opens the crafted RTF, a calculator is launched. Multiple sources (NVD, Red Hat, CVE lists) describe this entr...
CVE-2022-37137
CVE-2022-37137 affects PayMoney 3.3. The issue is a Stored Cross-Site Scripting (XSS) in the ticket reply flow, exploitable by injecting a crafted payload into the Message field via the description parameter; the XSS can be triggered in the response or when viewing the ticket. Documents consisten...
CVE-2022-37137
PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) when replying to a ticket. The XSS can be obtained by injecting a specially crafted payload into the "Message" field with the "description" parameter to gain Stored XSS. The XSS then will prompt after that or can be accessed from the vi...
CVE-2022-37137
PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) when replying to a ticket. The XSS can be obtained by injecting a specially crafted payload into the "Message" field with the "description" parameter to gain Stored XSS. The XSS then will prompt after that or can be accessed from the vi...
Techvillage Paymoney Code Issue Vulnerability
Techvillage Paymoney is a secure online payment gateway from Techvillage Bangladesh. A security vulnerability exists in Techvillage Paymoney version 3.3, which stems from a malicious file that can be uploaded in the REPLY TICKET function, which opens a calculator when the victim of the downloaded...
PT-2022-23835 · Paymoney · Paymoney
Name of the Vulnerable Software and Affected Versions: PayMoney version 3.3. Description: The issue is related to Client Side Remote Code Execution (RCE) and exists in the reply ticket function, where uploading a malicious file can lead to execution of remote code. When a victim downloads and opens...