CVE-2022-3975: A vulnerability was found in the Data URL Handler component of NukeView CMS. The function filterAttr is affected.

To verify that the patch is installed, compare the old and the new version of the software. The vendor has released an official announcement with details about the new update and the corrected version. According to the announcement, the updated component includes a fix for a Cross-Site Scripting vulnerability, which was classified as low severity. According to the vendor, the update was released because the old version of the software does not include the correct patch for this issue. To upgrade the Data URL Handler component, update the software to version 4.5. The new version has been released with the identifier vdb-213554.

Summary of Gladiator Cross-Site Scripting Vulnerability

A Cross-Site Scripting vulnerability in the Gladiator software was discovered by security researchers. According to the vendor, the new update fixes this issue, which was classified as low severity. The problem was discovered through a vulnerability report from a threat actor who included a webpage with malicious code in order to exploit the vulnerability. To verify that the update has been installed correctly, compare the old and new versions of the software.

Summary of VDB-213554

Version 4.5 was released with the identifier vdb-213554.
The update includes a fix for a Cross-Site Scripting vulnerability.
The vendor has released an update that fixes this issue.

VDB-213554: Data URL Handler update released with new version number

The vendor has released a new version of the software to fix the vulnerability that was fixed in the old version. The vendor recommends updating to this new version because it includes a fix for a Cross-Site Scripting vulnerability. According to the announcement, the vendor released this update because the old version does not include the correct patch for this issue.

CVE-2022-3804: DataDecoder Insecure Deserialization

According to the published advisory, the flaw is caused by an issue in the system that deals with serializing data. This issue could be exploited by an attacker and it would allow them to execute code as a privileged user. The vendor has released an update that fixes this issue. The new version has been released with the identifier vdb-213555.

Data URL Handler – Description of the Software

The vulnerable software is part of the Data URL Handler component and can be installed on Linux machines. This component is a network service that provides a way to access online analytical data. The new version fixes the vulnerability and includes a fix for Cross-Site Scripting.

According to the vendor, this update was released because the old version of the software does not include the correct patch for this issue, which was classified as low severity.
