CVE-2022-4021 The Permalink Manager Lite plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation in versions up to 2.2.20.1.
This occurs because the plugin does not perform nonce checking, which makes it possible for attackers to submit crafted requests and perform actions such as
CVE-2022-3980 V5.0.0 - 9.7.4 Sophos Mobile on-premises has XEE SSRF and potential code execution vulnerabilities.
This vulnerability is an XML External Entity (XEE) issue. In order to exploit this issue, an attacker must be able to perform client-side request forgery (CSRF)
CVE-2022-4013: Critical CSRF Vulnerability Discovered in Hospital Management Center's appointment.php File
A newly discovered vulnerability, CVE-2022-4013, poses a significant security threat to Hospital Management Center (HMC) systems. This vulnerability, classified as problematic, impacts the appointment.php
CVE-2022-40753 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting
The cross-site scripting issue exists due to insufficient sanitization of user-supplied data before it is used in the application’s code. Cross-site scripting issues can be mitigated
CVE-2020-12507 An attacker with access to monit tool 4.2 could access the database by injection.
s::can moni::tools 4.2+ now uses a secure database connection to avoid SQL injection and other security issues.
In s::can moni::tools