7654 matches found

CVE
added 2022/04/04 7:46 p.m., 74 views

CVE-2022-25613

Summary : CVE-2022-25613 is an authenticated persistent Cross-Site Scripting (XSS) vulnerability in the WordPress FV Flowplayer Video Player plugin (versions

CVSS 5.4 | AI score 4.7 | EPSS 0.00549
Exploits: 0 | References: 2 | Affected Software: 1
OpenVAS
added 2022/04/01 12:0 a.m., 17 views

Textpattern CMS <= 4.8.8 Multiple Vulnerabilities

Textpattern CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:textpattern:textpattern";...

CVSS 5.4 | AI score 5.6 | EPSS 0.01073
Exploits: 2 | References: 2
ThreatPost
added 2022/03/31 6:9 p.m., 307 views

Belarusian ‘Ghostwriter’ Actor Picks Up BitB for Ukraine-Related Attacks

Ghostwriter – a threat actor previously linked with the Belarusian Ministry of Defense – has glommed onto the recently disclosed, nearly invisible “Browser-in-the-Browser” (BitB) credential-phishing technique in order to continue its ongoing exploitation of the war in Ukraine. In a Wednesday post,...

AI score 8.4
Exploits: 0 | References: 9
Packet Storm
added 2022/03/30 12:0 a.m., 231 views

Medical Hub Directory Site 1.0 Cross Site Scripting

Title: Medical Hub Directory Site 1.0 XSS Stored Author: Hejap Zairy Date: 30.07.2022 Vendor: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/mhds.zip Reference:...

Exploits: 0
OSV
added 2022/03/29 6:15 a.m., 2 views

CVE-2022-1087

A vulnerability, which was classified as problematic, has been found in htmly 5.3 which affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires an authentication. A...

CVSS 5.4 | AI score 4.2
Exploits: 0 | References: 3
Vulnrichment
added 2022/03/29 5:50 a.m., 7 views

CVE-2022-1087 htmly Edit Profile Module cross site scripting

A vulnerability, which was classified as problematic, has been found in htmly 5.3 which affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires an authentication. A...

CVSS 3.5 | AI score 5.5 | EPSS 0.00921
Exploits: 1 | References: 3
CVE
added 2022/03/29 5:50 a.m., 70 views

CVE-2022-1075

CVE-2022-1075 affects College Website Management System 1.0. The vulnerable code path is /cwms/classes/Master.php?f=save_contact in the Contact Handler, where input manipulation can result in persistent cross-site scripting. The issue may be exploitable remotely and requires authentication. No re...

CVSS 5.4 | AI score 4.3 | EPSS 0.00444
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2022/03/29 2:15 a.m., 10 views

CVE-2022-24957

DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will ...

CVSS 5.4 | EPSS 0.00694
Exploits: 1 | References: 2
OSV
added 2022/03/29 2:15 a.m., 2 views

CVE-2022-24957

DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will ...

CVSS 5.4 | AI score 5.8 | EPSS 0.00694
Exploits: 1 | References: 2
Prion
added 2022/03/29 2:15 a.m., 12 views

Input validation

DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will ...

CVSS 3.5 | AI score 5.2 | EPSS 0.00694
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2022/03/29 1:11 a.m., 11 views

CVE-2022-24957

DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will ...

AI score 5.4 | EPSS 0.00694
Exploits: 1 | References: 2
CVE
added 2022/03/29 1:11 a.m., 76 views

CVE-2022-24957

DHC Vision eQMS (v5.4.8.322 and earlier) is affected by a Persistent XSS due to insufficient encoding of untrusted input/output. An attacker must create/edit an information object and use the XSS payload as the name; any user opening the object’s version or history tab can be attacked. No remedia...

CVSS 5.4 | AI score 5.2 | EPSS 0.00694
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2022/03/25 7:15 p.m., 10 views

Cross site scripting

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allow a user with author or higher user rights to inject malicious code via vulnerable parameters: &customeventorganiser, &customorganiseremail, &customorganisercontact...

CVSS 3.5 | AI score 5.4 | EPSS 0.00549
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2022/03/25 6:2 p.m., 81 views

CVE-2022-25612

CVE-2022-25612 affects the WordPress Simple Event Planner plugin ≤ 1.5.4. The vulnerability is a stored/authenticated Cross-Site Scripting (XSS) resulting from insufficient sanitization of Event Options (e.g., event_organiser, organiser_email, organiser_contact) when a user with author or h...

CVSS 5.4 | AI score 5 | EPSS 0.00549
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2022/03/25 6:2 p.m., 14 views

CVE-2022-25612 WordPress Simple Event Planner plugin <= 1.5.4 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allow a user with author or higher user rights to inject malicious code via vulnerable parameters: &customeventorganiser, &customorganiseremail, &customorganisercontact...

CVSS 4.1 | AI score 5.7 | EPSS 0.00549
Exploits: 0 | References: 2
Prion
added 2022/03/23 10:15 p.m., 21 views

Buffer overflow

NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers ROM version 1B have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted...

CVSS 6.8 | AI score 7.9 | EPSS 0.01314
Exploits: 1 | References: 2
Cvelist
added 2022/03/23 9:13 p.m., 22 views

CVE-2022-22819

NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers ROM version 1B have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted...

AI score 8.1 | EPSS 0.01314
Exploits: 1 | References: 2
0day.today
added 2022/03/23 12:0 a.m., 223 views

Inventory Management System 1.0 Cross Site Scripting Vulnerability

Title: Inventory Management System 1.0 XSS Stored Author: Hejap Zairy Vendor: https://www.vetbossel.in/inventory-management-system-php/ Software: https://cutt.ly/lOZ8lrr Reference: https://github.com/Matrix07ksa Tested on: ArchLinux, MySQL, Apache Description: Stored XSS, also known as persistent...

Exploits: 0
CNNVD
added 2022/03/23 12:0 a.m., 3 views

Nxp Semiconductors Nxp Lpc55S69 Security Vulnerability

The Nxp Semiconductors Nxp Lpc55S69 is a development board from Nxp Semiconductors, Netherlands. It is used to add off-the-shelf add-on boards for networking, sensors, displays and other interfaces. A security vulnerability exists in the Nxp Semiconductors Nxp Lpc55S69, which originates from a...

CVSS 7.8 | AI score 8.2 | EPSS 0.01314
Exploits: 1 | References: 3
OSV
added 2022/03/21 8:18 p.m., 10 views

MGASA-2022-0106 Updated 389-ds-base packages fix security vulnerability

A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash. CVE-2021-4091...

CVSS 7.5 | AI score 7.2 | EPSS 0.01983
Exploits: 0 | References: 3