CVE-2022-35613 Konker v2.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF).
CSRF is a type of attack that occurs when a user browses to a maliciously crafted website to perform an action they would not normally
CVE-2022-43967 CMS below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS due to un-sanitized output.
XSS in the multilingual edit form is possible due to the lack of escaping of user-specified languages. This could allow for XSS injection attacks
CVE-2022-43323 EyouCMS V1.5.9-UTF8-SP1 was found to have a CSRF vulnerability in the Top Up Balance component.
This issue can be exploited to hijack the user's session if he/she has the same email address on the site as on
CVE-2022-44387 EyouCMS V1.5.9-UTF8-SP1 had a CSRF vulnerability in the Basic Information component of the Edit Member module.
An attacker could exploit this issue to force the user to log in via CSRF if they have access to the backend system. In certain cases,
CVE-2022-43692 Reflected XSS can be exploited by a user if the targeted administrator is using an older browser that lacks XSS protection.
If you are running a version before 8.5.10 and are using a browser that supports XSS protection, you must update to a version