Lucene search
K
Ndk-designNdkadvancedcustomizationfields

4 matches found

CVE
CVE
added 2022/11/22 12:0 a.m.71 views

CVE-2022-40842

CVE-2022-40842 affects ndk design NdkAdvancedCustomizationFields 3.5.0 and is a Server-Side Request Forgery (SSRF) issue exposed via rotateimg.php. The CVSS v3.1 base score is 9.1 (CRITICAL) with network attack vector, no user interaction, and no privileges required; impact is confidentiality and...

9.1CVSS9.2AI score0.00791EPSS
CVE
CVE
added 2022/12/21 12:0 a.m.57 views

CVE-2022-40841

CVE-2022-40841 describes a cross-site scripting (XSS) vulnerability in NdkAdvancedCustomizationFields v3.5.0. The issue arises from crafting payloads injected into the htmlNodes parameter, allowing attackers to execute arbitrary web scripts or HTML in victims’ browsers. CVSS v3.1 base score is 6....

6.1CVSS5.8AI score0.00486EPSS
CVE
CVE
added 2022/11/02 12:0 a.m.55 views

CVE-2022-40840

CVE-2022-40840 affects NdkAdvancedCustomizationFields 3.5.0 and is exposed to Cross-Site Scripting via the createPdf.php endpoint. The available connected documents indicate the issue is an XSS vulnerability; no exploit code or in-the-wild details are provided. Remediation information across sour...

6.1CVSS6AI score0.00486EPSS
CVE
CVE
added 2022/11/01 12:0 a.m.54 views

CVE-2022-40839

CVE-2022-40839 is a SQL injection vulnerability in the height and width parameters of NdkAdvancedCustomizationFields v3.5.0. The issue allows unauthenticated remote attackers to exfiltrate database data. CVSSv3.1 base score 7.5 (HIGH) with Network attack vector, low attack complexity, no privileg...

7.5CVSS7.8AI score0.00866EPSS