CVE-2022-37775 Genesys PureConnect Interaction Web Tools Chat Service has XSS in the Printable Chat History via the participant -> name JSON POST parameter.
This injection can be used to launch an XSS attack against the system's users or against other systems if the users are logged in to
CVE-2022-36536 An issue in the component post_applogin.php of Super Flexible Software GmbH & Co
Additionally, this issue may allow remote attackers to hijack the authentication of arbitrary users, due to insecure handling of the CSRF protection mechanism. In order
CVE-2022-38542 Archery v1.4.0 to v1.8.5 had a SQL injection vulnerability in the kill_session interface.
If an attacker could convince a victim to load the Archery website via the vulnerable URL, they could exploit this vulnerability to execute arbitrary SQL
CVE-2022-38616 The SmartVista SVFE2 v2.2.22 had a SQL injection vulnerability in the UserForm:j_id90 parameter.
A successful exploitation could lead to access to critical program functions and possibly system takeover. In addition to the SQL injection issue discovered, SmartVista SVFE2
CVE-2022-38292 The SLiMS Senayan Library Management System v9.4.2 was found to be vulnerable to Server-Side Request Forgery.
An attacker can trick the user into giving him remote system access via the PHP components. In Senayan Library Management System, it is possible to