CVE-2022-35137 DGIOT 4.5.4 had multiple XSS vulnerabilities.
These issues could be exploited by malicious people to conduct cross-site scripting attacks. A total of 14 XSS flaws were found in DGIOT Lightweight industrial
CVE-2021-42046 An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2.
This could cause an attacker to inject JavaScript into logged-out users' views, leading to potential information disclosure.
An issue was discovered in the Multibug
CVE-2022-40048 Flatpress v1.2.1 contains an RCE vulnerability in the Upload File function.
An attacker can upload a malicious file and cause the application to crash or execute arbitrary PHP code on the server. This is a critical
CVE-2022-31629 An older PHP version can set a cookie for later use which is treated as a '__Host-' or '__Secure-' cookie.
This can be exploited by malicious or compromised websites to facilitate a cross-site request forgery (CSRF) attack to take control of the affected website.
In
CVE-2022-31628 PHP versions before 7.4.31, 8.0.24 and 8.1.11 had a bug in the gzip uncompressor that could cause an infinite loop.
This has been fixed in version 7.4.31 and later. For more information, visit the phar uncompressor GitHub page.
XSS in unpacked phar files