CVE-2022-40317 OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element.
This can lead to remote code execution. This can be triggered via a maliciously crafted URL. OpenKM 6.3.11 does not sanitize the first
CVE-2022-36712 The v1.0 Library Management System was found to have a SQL injection vulnerability via the id parameter.
Successful exploitation could cause the application to crash, leak data, or cause other forms of damage. Users are advised to review the id parameter for
CVE-2022-1869 Confusion in V8 allowed a remote attacker to exploit heap corruption.
This issue did not affect most users, as the browser tried to prevent this by performing strict type enforcement. However, since the type system was
CVE-2022-0972 An attacker who convinces a user to install a malicious extension can exploit heap corruption in Chrome.
This issue was addressed by restricting the permissions of extensions installed through the Chrome Web Store. Red Hat Enterprise Linux 7 provides mitigations against a
CVE-2022-21549 Oracle Java SE, Oracle GraalVM Enterprise Edition is affected by a vulnerability in the Libraries component. The vulnerability could allow a remote attacker to obtain system privileges.
by using the sendMessage API with a crafted object. The attacker cannot inject malicious code using the Java language, but can instead use scripting languages
Episode
00:00:00
00:00:00