CVE-2022-38527 CMS v1.6.0 had an XSS vulnerability in the Import function.
This can be exploited by malicious users to inject arbitrary JavaScript into your site's code. A cross-site request forgery (CSRF) vulnerability was also
CVE-2022-2754 The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters, which could allow unauthenticated attackers to perform SQL Injection attacks.
through the WordPress admin interface. An attacker can inject a SQL statement by sending a malicious request to the vulnerable server, then by sending a
CVE-2022-1591 The WordPress Ping Optimizer plugin before 2.35.1.3.0 had no CSRF check, which could allow attackers to make a logged-in admin change them.
If a logged-in user visits an attacker-controlled blog, a vulnerability in the WordPress plugin can be exploited to change the settings. WordPress plugin
CVE-2022-3232 Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5.
The CSRF vulnerability exists in the GitHub v2.4.5 API. The attacker can submit a request to the victim to change the content on
CVE-2022-37775 Genesys PureConnect Interaction Web Tools Chat Service has XSS in the Printable Chat History via the participant -> name JSON POST parameter.
This injection can be used for issuing an XSS attack to the system users or to other systems if the users are logged in to