Topic

CSRF

A collection of 29 issues

CVE-2022-36194 An Attacker could leverage the XSS in the Pollers > Broker Configuration function of Actron Encentreon 22.04.0 to inject malicious code.

By manipulating the name parameter, an attacker can inject malicious code into the application’s code, which can lead to session hijacking and other forms of attack. VentureOne reported this issue to Envato, who promptly released a security update to close this XSS vulnerability. Another issue with Envato Studio 22.
2 min read
Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe