CVE CyberSecurity Database News - Latest cybersecurity news and CVE details

JSONP

Oct 14, 2022 SQL JSONP

CVE-2022-38444 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.

An attacker could leverage social engineering or email spoofing to interact with a user and convince them to open the malicious file. CVE Solution: Update

Oct 11, 2022 WordPress JSONP

CVE-2022-40047 Flatpress v1.2.1 has an XSS vulnerability via the page parameter in the admin section.

An attacker can inject malicious script code in the page parameter to execute arbitrary script code in the browser of an unsuspecting user through this