CVE-2022-2657 The Multivendor Marketplace Solution for WooCommerce plugin before 3.8.12 had authorisation and CSRF issues, which could allow users to suspend vendors.
attacks on other users’ accounts, such as when a vendor suspends another vendor or when vendors call other vendors and alter their orders. These unauthenticated
CVE-2022-3123 Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a
XSS is a class of vulnerabilities in web applications that execute code in the context of a user's session, either through a direct
CVE-2022-39824 Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server. This can be used for DoS attacks or information leaks.
The currentItem property is not filtered/validated by Appsmith before being sent to the server, which allows remote attackers to inject arbitrary JavaScript via a
CVE-2022-36754 Expense Management System v1.0 had a SQL injection vulnerability in the id parameter.
This can be exploited by hackers to execute arbitrary SQL commands in the application's database. In certain cases, this may lead to the
CVE-2020-22669 A SQL injection vulnerability in OWASP ModSecurity CRS 3.2.0 (PL1)
This issue is rated at a severity level of 2.1 by OWASP and has been assigned the ID of 20164. An attacker can exploit