AlmaLinux 8 : redis:6 (ALSA-2022:7541)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7541 advisory. redis: Code injection via Lua script execution environment CVE-2022-24735 redis: Malformed Lua script can crash Redis CVE-2022-24736 Tenable has extracted...

PT-2022-26577 · Unknown · Comserver Series

Name of the Vulnerable Software and Affected Versions: ComServer Series affected versions not specified Description: The issue allows an authenticated remote attacker to execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage. This is a...

Subrion CMS is vulnerable to Cross-Site Scripting (XSS)

A cross-site scripting XSS vulnerability in the /panel/fields/add component of Intelliants Subrion CMS version 4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field...

CVE-2022-43119

A cross-site scripting XSS vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter...

Cross site scripting

A cross-site scripting XSS vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field...

CVE-2022-43119

A cross-site scripting XSS vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter...

CVE-2022-43121

A cross-site scripting XSS vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field...

PT-2022-5691 · Cisco · Cisco Firepower Management Center

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center FMC Software affected versions not specified Description: The issue is related to insufficient validation of user-supplied input by the web-based management interface, allowing an authenticated, remote attack...

PT-2022-5690 · Cisco · Cisco Firepower Management Center

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center FMC Software affected versions not specified Description: The issue is related to insufficient validation of user-supplied input by the web-based management interface, allowing an authenticated, remote attack...

PT-2022-26763 · Intelliants · Intelliants Subrion Cms

Name of the Vulnerable Software and Affected Versions: Intelliants Subrion CMS version 4.2.1 Description: A cross-site scripting XSS issue in the CMS Field Add page allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field. This enables...

PT-2022-5696 · Cisco · Cisco Firepower Management Center

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center FMC Software affected versions not specified Description: The issue is related to insufficient validation of user-supplied input by the web-based management interface, allowing an authenticated, remote attack...

Joomla! CMS Cross-Site Scripting (CVE-2018-6377)

A cross-site scripting vulnerability exists in Joomla! Core. Successful exploitation results in the execution of arbitrary script code in the target user's browser...

CVE-2022-43118

A cross-site scripting XSS vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field...

CVE-2022-41205

SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application...

CVE-2022-41136

Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS in Vladimir Anokhin's Shortcodes Ultimate plugin = 5.12.0 on WordPress...

redis: Code injection via Lua script execution environment

A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes the potentially higher privileges of another Redis user...

PT-2022-25728 · Sap · Sap Gui

Name of the Vulnerable Software and Affected Versions: SAP GUI affected versions not specified Description: The issue allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries, which can cause a limited impact ...

CVE-2022-41205

Technical details (affected products/versions/root cause/mitigation/patch specifics) are not publicly provided in the connected documents. Monitor for updates from SAP and security advisories.

Canteen Management System 跨站脚本漏洞

Canteen Management System is a cafeteria management system by Mayuri K. Individual developer. A security vulnerability exists in Canteen Management System v1.0 that originated from a vulnerability that allows attackers to execute arbitrary web script or HTML via a crafted payload...

CVE-2022-41205

SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application...