CVE-2022-42246 Doufox 0.0.4 contains a CSRF vulnerability that can be used to add a system administrator account.
This CSRF vulnerability can be exploited when a user accesses a malicious website. When the user logged into the system, the “Create system administrator” permission
CVE-2022-43263 An XSS vulnerability in Arobas Music Guitar Pro before v1.10.2 allows attackers to execute arbitrary web scripts or HTML.
A cross-site request forgery (CSRF) vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to hijack the authentication
CVE-2022-4021 The Permalink Manager lite plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation in versions up to 2.2.20.1.
This occurs because the plugin does not perform nonce checking, which makes it possible for attackers to submit crafted requests and perform actions such as
CVE-2022-3980 V5.0.0 - 9.7.4 Sophos Mobile on-premises has XEE SSRF and potential code execution vulnerabilities.
This vulnerability is an XML External Entity (XEE) issue. In order to exploit this issue, an attacker must be able to perform client-side request forgery (CSRF)
CVE-2022-4013 - Hospital Management Center’s CSRF Flaw in appointment.php Explained
A critical vulnerability, tracked as CVE-2022-4013, was discovered in the widely used Hospital Management Center software. The security issue was found in the appointment.php