CVE-2022-1591 The WordPress Ping Optimizer plugin before 2.35.1.3.0 had no CSRF check, which could allow attackers to make a logged-in admin change them.
If a logged-in user visits an attacker-controlled blog, a vulnerability in the WordPress plugin can be exploited to change the settings. WordPress plugin
CVE-2022-3232 Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5.
The CSRF vulnerability exists in the GitHub v2.4.5 API. The attacker can submit a request to the victim to change the content on
CVE-2022-37775 Genesys PureConnect Interaction Web Tools Chat Service has XSS in the Printable Chat History via the participant -> name JSON POST parameter.
This injection can be used for issuing an XSS attack against the system users or against other systems if the users are logged in to
CVE-2022-36536 An issue in the component post_applogin.php of Super Flexible Software GmbH & Co
Additionally, this issue may allow remote attackers to hijack the authentication of arbitrary users, due to insecure handling of the CSRF protection mechanism. In order
CVE-2022-38542 Archery v1.4.0 to v1.8.5 had a SQL injection vulnerability in the kill_session interface.
If an attacker could convince a victim to load the Archery website via the vulnerable URL, they could exploit this vulnerability to execute arbitrary SQL