CVE-2022-38463 ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.
Logging out from one customer profile will reflect on any other customer profile. This can lead to a situation where a malicious customer could potentially
CVE-2022-29468 CSRF vulnerability in WWBN AVideo 11.6 and dev master commit 3f7c0364 allows HTTP requests to increase privileges.
To exploit this vulnerability, an attacker must trick a user into clicking a crafted link. For example, attackers can host a website on a server
CVE-2022-2388 The WP Coder plugin before 2.5.3 didn't have a CSRF check when deleting code, which could allow attackers to make a logged-in admin delete arbitrary ones.
Multiple logged-in users can also delete code in a project. WordPress 4.7 fixes this vulnerability by including CSRF protection for actions that can
CVE-2022-36251 Clinic's Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients.php.
A remote attacker can inject malicious code into the system via this vector. An attacker can create a patient record with a script that causes
CVE-2022-33201 The MailerLite - Signup forms (official) plugin 1.5.7 has a CSRF vulnerability that allows an attacker to change the API key.
This issue happens when a user signs up for a MailerLite account through a WordPress site. During the registration process, an attacker can use a