SUSE-SU-2022:3198-1 Security update for php8-pear

This update for php8-pear fixes the following issues: - Add php8-pear to SLE15-SP4 jscSLE-24728 - Update to 1.10.21 - PEAR 1.10.13 unsupported protocol - use --force to continue Add $this operator to determineIfPowerpc calls - Update to 1.10.20 - ArchiveTar 1.4.14 Properly fix symbolic link path...

exceedone/exment and exceedone/laravel-admin Cross-site Scripting vulnerability

Reflected cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary...

GHSA-8629-83M5-RJ75 exceedone/exment and exceedone/laravel-admin Cross-site Scripting vulnerability

Reflected cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary...

exceedone/exment and exceedone/laravel-admin SQL Injection vulnerability

SQL injection vulnerability in the Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows remote authenticated attackers to execute arbitrary SQL commands...

GHSA-P74Q-2PF8-J5JX exceedone/exment and exceedone/laravel-admin SQL Injection vulnerability

SQL injection vulnerability in the Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows remote authenticated attackers to execute arbitrary SQL commands...

CVE-2022-37333

SQL injection vulnerability in the Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows remote authenticated attackers to execute arbitrary SQL commands...

CVE-2022-38080

Reflected cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary...

CVE-2022-38080

Reflected cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary...

Sql injection

SQL injection vulnerability in the Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows remote authenticated attackers to execute arbitrary SQL commands...

Cross site scripting

Stored cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary script...

CVE-2022-38089

CVE-2022-38089 describes a stored cross-site scripting (XSS) vulnerability in Exment and the exceedone/laravel-admin integration. The issue affects PHP8: exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier; PHP7: exceedone/exment v4.4.2 and earlier and exceedone/lar...

CVE-2022-38089

Stored cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary script...

CVE-2022-37333

CVE-2022-37333 is a SQL injection vulnerability in Exment and related laravel-admin components. The issue affects PHP8: exceedone/exment e5.0.2 and earlier and exceedone/laravel-admin e3.0.0 and earlier; PHP7: exceedone/exment e4.4.2 and earlier and exceedone/laravel-admin e2.2.2 and earlier. The...

JVN#46239102: Multiple vulnerabilities in Exment

Exment provided by Kajitori Co.,Ltd contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2022-38080 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2| AV:N/AC:H/Au:S/C:N/I:P/A:N| Base Score: 2.1...

openSUSE: Security Advisory for php8 (SUSE-SU-2022:2303-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE: Security Advisory (SUSE-SU-2022:2303-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2022:2303-1 Security update for php8

This update for php8 fixes the following issues: - CVE-2021-21707: Fixed a special character that breaks path in xml parsing. bsc1193041 - CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. bsc1200645 - CVE-2022-31626: Fixed buffer overflow via user-supplied password when...

Cross-site Scripting in Microweber

Microweber versions 1.2.17 and prior are vulnerable to cross-site scripting. A patch is available on the dev laravel9-php8 branch of the repository...

GHSA-27G3-58V4-FG9W Cross-site Scripting in Microweber

Microweber versions 1.2.17 and prior are vulnerable to cross-site scripting. A patch is available on the dev laravel9-php8 branch of the repository...

SUSE SLES15 Security Update : php8 (SUSE-SU-2022:1928-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1928-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable, Inc...