CVE-2022-39220 SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are vulnerable to cross-site scripting (XSS) attacks due to a WebClient bug. An update is available.
SFTPGo is susceptible to cross-site scripting (XSS) vulnerabilities in the WebClient component. According to the vendor, these vulnerabilities have been fixed in version 2.3.
CVE-2022-38550 An XSS vulnerability in Jeesns v2.0.0 allows attackers to execute arbitrary web scripts or HTML.
This XSS flaw arises from the fact that the /weibo/list component does not properly sanitize user-supplied input before executing it. An attacker can leverage
CVE-2022-38509 Wedding Planner v1.0 had a SQL injection vulnerability in the booking_id parameter.
An attacker can inject malicious SQL code or cause SQL errors in the database via the booking_id parameter. In certain cases, SQL injection can
CVE-2022-2754 The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters, which could allow unauthenticated attackers to perform SQL Injection attacks.
through the WordPress admin interface. An attacker can inject a SQL statement by sending a malicious request to the vulnerable server, then by sending a
CVE-2022-2710 The Scroll To Top WordPress plugin before 1.4.1 has an unfiltered_html setting that allows high privilege users to do Stored Cross-Site Scripting attacks.
The following example shows how a hacker can exploit this to execute arbitrary cross-site scripting attacks: In the above example, the hacker is using a