CVE-2022-37794 In Library Management System 1.0 the id_no parameters are vulnerable to SQL injection.
As shown in the example below, when you enter the id_no value (with the ‘/’ prefix) into the ‘Search In’ field of the search form,
CVE-2021-44835 An issue was found in Active Intelligent Visualization 5. The Vdc header is used in a SQL query without being sanitized.
This problem can lead to data being exposed in the query like this example where a user name and password are input in the Vdc
CVE-2022-40317 OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element.
This can lead to remote code execution. This can be triggered via a maliciously crafted URL. OpenKM 6.3.11 does not sanitize the first
CVE-2022-36356 An authenticated XSS vulnerability in the Thirty8 Digital Culture Object plugin 4.0.1 or earlier.
Cross-site scripting occurs when data passed between different websites is vulnerable to injection attacks. Imagine the following scenario: you log in to your online banking
CVE-2022-38275 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list.
A user with the ‘create’ or ‘update’ permissions can inject a parameter to create or edit arbitrary contact records. For example, the following request creates