CVE-2022-38292 The SLiMS Senayan Library Management System v9.4.2 was found to be vulnerable to Server-Side Request Forgery.
An attacker can trick the user into giving him remote system access via the PHP components. In Senayan Library Management System, it is possible to
CVE-2022-40323 SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241.
This was addressed in 22.1.66.13 and later. Cisco WebEx Teams does not support the use of XSS in any of its components.
CVE-2022-38144 The gVectors Team wpForo Forum plugin has a CSRF vulnerability.
In short, it happens when a user submits a request to an unintended target. This unauthorized request can be made by clicking on an unexpected
CVE-2022-35725 Stored XSS vulnerability in the wp-forecast plugin = 7.5 at WordPress.
This XSS vulnerabitity was fixed in version 8.1.2. To patch this issue, update to the latest version. To patch this issue, update to
CVE-2022-2597 The Visual Portfolio, Photo Gallery & Post Grid plugin before 2.19.0 had some security issues, allowing users with a low role to inject arbitrary CSS.
This is possible because the plugin does not have an ACL on its endpoints. An attacker can send requests to the affected REST APIs as
Episode
00:00:00
00:00:00