15 matches found
EUVD-2022-31646
Malicious code in bioql PyPI...
CVE-2022-27107
OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" section under "OrangeBuzz" via the GET/POST "createVideolinkAddress" parameter...
CVE-2023-43323
mooSocial 3.1.8 is vulnerable to external service interaction on the post function. When executed, the server sends an HTTP and DNS request to an external server. Multiple parameters are affected: messageText, datawallphoto, datauserShareVideo and datauserShareLink...
CVE-2023-43323
mooSocial 3.1.8 is vulnerable to external service interaction on the post function. When executed, the server sends an HTTP and DNS request to an external server. Multiple parameters are affected: messageText, datawallphoto, datauserShareVideo and datauserShareLink...
PT-2023-28780 · Moosocial · Moosocial
Name of the Vulnerable Software and Affected Versions: mooSocial version 3.1.8 Description: The issue concerns external service interaction on the post function. When executed, the server sends HTTP and DNS requests to an external server. The parameters affected are multiple, including messageTex...
CVE-2022-27107
OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" section under "OrangeBuzz" via the GET/POST "createVideolinkAddress" parameter...
CVE-2022-27107
OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" section under "OrangeBuzz" via the GET/POST "createVideolinkAddress" parameter...
Design/Logic Flaw
OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" section under "OrangeBuzz" via the GET/POST "createVideolinkAddress" parameter...
CVE-2022-27107
OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" section under "OrangeBuzz" via the GET/POST "createVideolinkAddress" parameter...
CVE-2022-27107
OrangeHRM 4.10 contains a Stored XSS vulnerability in the "Share Video" feature under OrangeBuzz, exploitable via the GET/POST parameter createVideo[linkAddress]. The CVE notes this can allow JavaScript execution in the context of an affected user. CVSS metrics report MEDIUM severity (3.1) wi...
SQL injection
PG All Share Video 1.0 allows SQL Injection via the PATHINFO to search/tag, friends/index, users/profile, or videocatalog/category...
CVE-2017-15969
PG All Share Video 1.0 allows SQL Injection via the PATHINFO to search/tag, friends/index, users/profile, or videocatalog/category...
CVE-2017-15969
PG All Share Video 1.0 allows SQL Injection via the PATHINFO to search/tag, friends/index, users/profile, or videocatalog/category...
CVE-2017-15969
PG All Share Video 1.0 allows SQL Injection via the PATHINFO to search/tag, friends/index, users/profile, or videocatalog/category...
CVE-2017-15969
CVE-2017-15969 affects PG All Share Video 1.0. Description from CNVD/NVD indicates a SQL injection vulnerability exploitable via PATH_INFO in endpoints such as /search/tag, /friends/index, /users/profile, and /video_catalog/category. The root cause is unsanitized PATH_INFO allowing injected SQL c...