CVE-2022-36583 DedeCMS V5.7.97 has XSS vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters.
A remote attacker could leverage these issues to execute arbitrary code in the context of the affected website.
An unauthenticated user could also access and
CVE-2022-3072 Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3.
This type of injection allows an attacker to inject arbitrary code in another web application’s user session through the manipulation of request parameters. The
CVE-2022-36675 Task scheduling system v1.0 was found to have a SQL injection vulnerability.
User-controlled or user-supplied input could pose a serious risk if directly injected.
An attacker can inject SQL queries to inject malicious code
CVE-2022-36674 A SQL injection was found in Task Scheduling System v1.0's id parameter.
A hacker can inject arbitrary SQL code in the id parameter that may delete, insert, update, or retrieve data. If you
CVE-2022-36676 An SQL injection was found in the Task Scheduling System v1.0 id parameter.
This flaw could be exploited by injecting malicious code into the database or via cross-site request forgery (CSRF) if users’ input was hijacked. The id