CVE-2022-36534

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote code execution RCE vulnerabilities via the JobExecuteBefore and JobExecuteAfter parameters at postprofilesettings.php...

CVE-2022-36533

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain a cross-site scripting XSS vulnerability...

CVE-2022-36536

An issue in the component postapplogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens...

CVE-2022-36534

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote code execution RCE vulnerabilities via the JobExecuteBefore and JobExecuteAfter parameters at postprofilesettings.php...

CVE-2022-36536

An issue in the component postapplogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens...

Cross site scripting

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain a cross-site scripting XSS vulnerability...

CVE-2022-36536

CVE-2022-36536 affects Syncovery for Linux (Super Flexible Software) in the post_applogin.php component. Multiple sources (NVD, Red Hat, CVE lists) describe an insecure session token generation that enables privilege escalation via crafted tokens in v9.47x and earlier. The published CVSS 3.1 base...

CVE-2022-36536

An issue in the component postapplogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens...

CVE-2022-36533

Syncovery for Linux (Super Flexible Software Syncovery, v9.47x and earlier) is affected by an XSS vulnerability caused by missing output encoding on error and status pages, enabling Reflective XSS via a crafted link. Public descriptions confirm exploitable behavior and versions affected up to at ...

CVE-2022-36533

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain a cross-site scripting XSS vulnerability...

CVE-2022-36534

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote code execution RCE vulnerabilities via the JobExecuteBefore and JobExecuteAfter parameters at postprofilesettings.php...

CVE-2022-36534

Syncovery for Linux (Syncovery 9, v9.47x and below) contains authenticated remote code execution via Job_ExecuteBefore/Job_ExecuteAfter in post_profilesettings.php. The vulnerability allows an authenticated user to create jobs that execute commands when a profile runs, potentially executing arbit...