Weekly Vulnerabilities Reports > November 21 to 27, 2022

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application.

The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection.

A vulnerability was found in rickxy Stock Management System and classified as problematic.

A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.

Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component.

An issue was discovered in JIZHI CMS 1.9.4.

xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection').

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component.

CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads.

A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables.

XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml.

CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution.

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function.

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function.

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function.

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function.

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function.

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function.

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function.

There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit  https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Reset ONU to Factory Default through ' /mgm_dev_reset.asp.' Resetting to default leads to Escalation of Privileges by logging-in with default credentials.

A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028.

Fastify is a web framework with minimal overhead and plugin architecture.

There is a SQL injection vulnerability in ZTE MF286R.

Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress.

Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack.

KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL Injection via the profile.php.

CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request.

An issue was discovered in Appalti & Contratti 9.12.2.

Silverstripe silverstripe/framework through 4.11 allows SQL Injection.

The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions.

The My wpdb WordPress plugin before 2.5 is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack

The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files.

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files.

Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files.

org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users.

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5.

PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report.

The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks.

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack

An API Endpoint used by Miele's "AppWash" MobileApp in all versions was vulnerable to an authorization bypass.

An issue was discovered in the Linux kernel through 6.0.10.

Remote code execution vulnerability due to insufficient verification of URLs, etc.

super-xray is a web vulnerability scanning tool.

Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console.

An issue was discovered in libxml2 before 2.10.3.

McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user.

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC.

Sourcegraph is a code intelligence platform.

super-xray is the GUI alternative for vulnerability scanning tool xray.

Use After Free vulnerability in Linux Kernel allows Privilege Escalation.

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files.

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files.

A vulnerability in NetBatch-Plus software allows unauthorized access to the application.  HPE has provided a workaround and fix.

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5.

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600.

Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields.

When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack.

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430.

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430.

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430.

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430.

A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5.

A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5.

A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5.

Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a bruteforce attack.

In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes.

An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.

In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled.

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior allows a remote unauthenticated attacker to disclose sensitive information.

Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U and GT Designer3 Version1 (GOT2000) versions from 1.122C to 1.290C allows an unauthenticated attacker to disclose sensitive information.

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information.

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information.

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information.

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U, GT Designer3 Version1 (GOT2000) versions from 1.122C to 1.290C and Motion Control Setting(GX Works3 related software) versions from 1.035M to 1.042U allows a remote unauthenticated attacker to disclose sensitive information.

Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z allows a remote unauthenticated attacker to obtain information about the project file for MELSEC safety CPU modules.

When using tasks to read config files, there is a risk of database password disclosure.

A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0.

A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system.

mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.

An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory.

Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessive verbose responses from the application.

An issue was discovered in libxml2 before 2.10.3.

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php.

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php.

A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP.

A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol.

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

An issue was discovered in Appalti & Contratti 9.12.2.

Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind.

Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function via set_device_name.

Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.

missing input validation in Apache Hama may cause information disclosure through path traversal and XSS.

Tenda AC15 V15.03.05.18 is avulnerable to Buffer Overflow via function formSetPPTPServer.

Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic..

Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer.

The function check_is_login_page() uses headers for the IP check, which can be easily spoofed.

The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information (including the DeepL API key) in files that are publicly accessible to an external, unauthenticated visitor.

XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation.

Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/products/view_product.php.

Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/admin/products/manage_product.php.

Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/transactions/update_status.php.

An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file.

FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request.

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=.

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection.

sourcegraph is a code intelligence platform.

File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php.

The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users

An issue was discovered in the Linux kernel through 6.0.10.

An issue was discovered in the Linux kernel through 6.0.9.

An issue was discovered in the Linux kernel through 6.0.9.

An issue was discovered in the Linux kernel through 6.0.9.

A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system.

An issue was discovered in open-vm-tools 2009.03.18-154848.

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters.

The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type.

An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5.

An issue was discovered in open-vm-tools 2009.03.18-154848.

IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability.

The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing.

Nextcloud server is an open source personal cloud server.

Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files.

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files.

Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information.

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information.

Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.

Automotive Shop Management System v1.0 is vulnerable to Delete any file via /asms/classes/Master.php?f=delete_img.

There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit  https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url

A denial-of-service vulnerability in the Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data. 

A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to crash the server via multiple large requests to one of the Playbooks API endpoints.

A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages.

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to cause a Denial of Service by Rebooting the router through " /mgm_dev_reboot.asp."

A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack to change the Password for "WLAN SSID" through "wlwpa.asp".

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery (CSRF) attack to enable syslog mode through ' /mgm_log_cfg.asp.' The system starts to log events, 'Remote' mode or 'Both' mode on "Syslog -- Configuration page" logs events and sends to remote syslog server IP and Port.

An authenticated SQL Injection vulnerability in the statistics page (/statistics/retrieve) of Maarch RM 2.8, via the filter parameter, allows the complete disclosure of all databases.

There is a buffer overflow vulnerability in ZTE MF286R.

Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB.

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO.

An issue was discovered in Appalti & Contratti 9.12.2.

A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID.

Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2.

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed to be able to (for example in multisite)

An issue was discovered in the Linux kernel through 6.0.9.

BaserCMS is a content management system with a japanese language focus.

Nexcloud desktop is the Desktop sync client for Nextcloud.

Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book.

Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter.

Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability.

A vulnerability was found in SourceCodester Canteen Management System.

This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests.

A reflected cross-site scripting vulnerability was discovered in Moodle.

Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request.

MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) allows remote attackers to inject HTML via user input or stored data

MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially crafted name

An issue was discovered in Appalti & Contratti 9.12.2.

The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings.

immudb is a database with built-in cryptographic proof and verification.

Nextcould talk android is the android OS implementation of the nextcloud talk chat system.

A path traversal vulnerability was discovered in multiple Pilz products.

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace.

pgjdbc is an open source postgresql JDBC Driver.

A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IEDs credentials are stored in a cleartext format in the PCM600 database.

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files.

An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4.

Nexcloud desktop is the Desktop sync client for Nextcloud.

Nexcloud desktop is the Desktop sync client for Nextcloud.

user_oidc is an OpenID Connect user backend for Nextcloud.

A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field.

A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.

A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.

A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field.

A vulnerability was found in rickxy Stock Management System.

A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function.

A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL.

The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields.

CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup.

Silverstripe silverstripe/cms through 4.11.0 allows XSS.

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).

An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data.

Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality.

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.

Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2).

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view.

Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.

IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.

Auth.

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page.

Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Name, Username, Description and Site Feature parameters.

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3).

Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData.

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file.

immudb is a database with built-in cryptographic proof and verification.

The application fails to prevent users from connecting to it over unencrypted connections.

This vulnerability discloses build and services versions in the server response header.

Insecure method vulnerability in which allowed HTTP methods are disclosed.

There is a broken access control vulnerability in the Maarch RM 2.8.3 solution.

Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time.

A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1.

The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.

A vulnerability was found in keylime.

org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user.

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php.

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php.

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php.

MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings.

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.

A cross-site scripting (XSS) vulnerability in Record Management System using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Subject page.

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content.

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' .

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.

Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature.

A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field.

A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field.

A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field.

A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field.

A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field.

A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field.

The Spacer WordPress plugin before 3.0.7 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).

The Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins

The Evaluate WordPress plugin through 1.0 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).

Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers.

An issue was discovered in the Linux kernel through 6.0.9.

The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation.

user_oidc is an OpenID Connect user backend for Nextcloud.

Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin.

Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin.

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

A vulnerability found in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Add Network Traffic Control Type Rule.

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to "Enable or Disable Ports" and to "Change port number" through " /rmtacc.asp ".

aliyun-oss-client is a rust client for Alibaba Cloud OSS.

The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack

A vulnerability was found in iPXE.

MPXJ is an open source library to read and write project plans from a variety of file formats and databases.

A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to men in the middle attack by adding New Routes in RoutingConfiguration on " /routing.asp ".

An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.