CVE-2021-44855 An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1
A user with the ability to upload images can post a link to a malicious image hosted outside of MediaWiki, where JavaScript is injected into
CVE-2022-4231 A vulnerability has been found in Tribal Systems Zenario CMS 9.3.57595 that affects the Remember Me Handler. Manipulation leads to session fixation.
This issue was discovered and reported by Dawid Golunski from Fortinet. The Zenario CMS is a content management system with a focus on community publishing.
CVE-2022-2983 The Salat Times WordPress plugin 3.2.2 has security issues because it doesn't sanitize its settings and can be exploited to do Cross-Site Scripting attacks.
If you use this plugin on a website with high traffic or that has a high number of user registrations, this vulnerability could be exploited
CVE-2022-45866 The qpress file editor before version 11.3 allows directory traversal via ../ in a .qp file.
Attackers can exploit this vulnerability to inject and execute arbitrary PHP code in the web server’s directory. Percona XtraBackup’s .qp file format is
CVE-2022-41936 The `modifications` API does not filter entries by user rights.
XWiki sites using the `modifications` REST endpoints do not filter entries based on the user's rights. This means that information such as comments, page names