CVE-2022-40317 OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element.
This can lead to remote code execution. This can be triggered via a maliciously crafted URL. OpenKM 6.3.11 does not sanitize the first
CVE-2022-36356 An authenticated XSS vulnerability in the Thirty8 Digital Culture Object plugin 4.0.1 or earlier.
Cross-site scripting occurs when data passed between different websites is vulnerable to injection attacks. Imagine the following scenario: you log in to your online banking
CVE-2022-38275 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list.
A user with the ‘create’ or ‘update’ permissions can inject a parameter to create or edit arbitrary contact records. For example, the following request creates
CVE-2022-38272 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list.
An attacker can inject arbitrary SQL commands into the database by injecting a parameter into the URL. For example, an attacker can inject the following
CVE-2022-38283 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list.
By passing a certain parameter to the query, an attacker can execute arbitrary SQL code and obtain sensitive information. - Fixed in 5.1.1.