20 matches found
EUVD-2022-50727
Malicious code in bioql PyPI...
CVE-2022-48012
Opencats v0.9.7 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd...
Cross site scripting
A stored cross-site scripting XSS vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates...
CVE-2022-48011
Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function...
CVE-2022-48011
Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function...
CVE-2022-48013
Opencats v0.9.7 was discovered to contain a stored cross-site scripting XSS vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title text fields...
CVE-2022-48012
Opencats v0.9.7 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd...
Cross site scripting
Opencats v0.9.7 was discovered to contain a stored cross-site scripting XSS vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title text fields...
SQL injection
Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function...
CVE-2022-48011
CVE-2022-48011 affects Opencats v0.9.7 with a SQL injection vulnerability via the importID parameter in the Import viewerrors function. The NVD/CVE details list a CVSS 3.1 base score of 9.8 (CRITICAL) with network attack vector, no user interaction, and no privileges required, impacting confident...
CVE-2022-48011
Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function...
CVE-2022-48013
Opencats v0.9.7 contains a stored XSS vulnerability in the calendar component ( /opencats/index.php?m=calendar ). The underlying issue allows injecting payloads into the Description or Title fields, enabling execution of arbitrary web scripts or HTML by an attacker who can supply crafted input. C...
CVE-2022-48012
OpenCATS v0.9.7 contains a reflected XSS in the component /opencats/index.php?m=settings&a=ajax_tags_upd. Affected functionality allows an attacker to inject arbitrary JavaScript into a victim’s browser, potentially stealing cookies or hijacking sessions. Impact is described as client-side code e...
CVE-2022-48013
Opencats v0.9.7 was discovered to contain a stored cross-site scripting XSS vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title text fields...
CVE-2022-48012
Opencats v0.9.7 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd...
Incorrect hash in sha2
The v0.9.7 release of the sha2 crate introduced a new AVX2-accelerated backend which was automatically enabled for all x86/x86_64 CPUs where AVX2 support was autodetected at runtime. This backend was buggy and would miscompute results for long messages, i.e. messages spanning multiple SHA blocks. T...
Miscomputed results when using AVX2 backend
The v0.9.7 release of the sha2 crate introduced a new AVX2-accelerated backend which was automatically enabled for all x86/x86_64 CPUs where AVX2 support was autodetected at runtime. This backend was buggy and would miscompute results for long messages, i.e. messages spanning multiple SHA blocks. T...
GHSA-QV2V-M59F-V5FW Insecure randomness in socket.io
Affected versions of socket.io depend on Math.random to create socket IDs, and therefore the IDs are predictable. With enough information on prior IDs, an attacker may be able to guess the socket ID and gain access to socket.io servers without authorization. Recommendation Update to v0.9.7 or lat...
singapore v0.9.7 XSS Vulnerabilities
SOFTWARE: ========= singapore v0.9.7 DESCRIPTION: ============ The system is vulnerable to various XSS attacks google dork : "Powered by singapore v0.9.7" inurl:index.php?gallery 429 results : xss code example ================ www.site.com/images/index.php?gallery=gallery...
singapore097.txt
SOFTWARE: ========= singapore v0.9.7 DESCRIPTION: ============ The system is vulnerable to various XSS attacks google dork : "Powered by singapore v0.9.7" inurl:index.php?gallery 429 results : xss code example ================ www.site.com/images/index.php?gallery=gallery name&image=...