CVE-2022-39957 The OWASP ModSecurity CRS is affected by a response body bypass, which allows a client to issue an Accept header with an optional "charset" parameter.
The OWASP ModSecurity CRS is affected by a cross-site request forgery (CSRF) vulnerability. A malicious actor may pose as an innocent third party, to trick
CVE-2022-3000 XSS stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
It was found that due to the way data was sanitized before being stored to session, there was a possibility of XSS. It was patched
CVE-2022-38527 CMS v1.6.0 had an XSS vulnerability in the Import function.
This can be exploited by malicious users to inject arbitrary JavaScript into your site's code. A cross-site request forgery (CSRF) vulnerability was also
CVE-2022-1591 The WordPress Ping Optimizer plugin before 2.35.1.3.0 had no CSRF check, which could allow attackers to make a logged-in admin change them.
If a logged-in user visits an attacker-controlled blog, a vulnerability in the WordPress plugin can be exploited to change the settings. WordPress plugin
CVE-2022-2754 The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters, which could allow unauthenticated attackers to perform SQL Injection attacks.
through the WordPress admin interface. An attacker can inject a SQL statement by sending a malicious request to the vulnerable server, then by sending a