CVE-2022-36536 An issue in the component post_applogin.php of Super Flexible Software GmbH & Co
Additionally, this issue may allow remote attackers to hijack the authentication of arbitrary users, due to insecure handling of the CSRF protection mechanism. In order
CVE-2022-38542 Archery v1.4.0 to v1.8.5 had a SQL injection vulnerability in the kill_session interface.
If an attacker could convince a victim to load the Archery website via the vulnerable URL, they could exploit this vulnerability to execute arbitrary SQL
CVE-2022-38616 The SmartVista SVFE2 v2.2.22 had a SQL injection vulnerability in the UserForm:j_id90 parameter.
A successful exploitation could lead to access to critical program functions and possibly system takeover. In addition to the SQL injection issue discovered, SmartVista SVFE2
CVE-2022-38292 The SLiMS Senayan Library Management System v9.4.2 was found to be vulnerable to Server-Side Request Forgery.
An attacker can trick the user into giving him remote system access via the PHP components. In Senayan Library Management System, it is possible to
CVE-2022-40323 SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241.
This was addressed in 22.1.66.13 and later. Cisco WebEx Teams does not support the use of XSS in any of its components.