CVE-2022-42110 An XSS vulnerability in Liferay Portal and Liferay DXP allows remote attackers to inject arbitrary web script.
When creating a new Announcement, the application does not properly sanitize user-supplied input, resulting in XSS. When editing an existing Announcement, the application does not
CVE-2022-43689 Concrete CMS is vulnerable to XXE DNS requests that disclose IPs.
Requesting the MX hostname record for a subdomain leading to the server’s public IP address, for instance
www.example.com
results in the delivery
CVE-2022-45194 CBRN-Analysis before 22 allows XXE attacks, leading to NTLMv2-SSP hash disclosure.
CVE-2016-3626 An XXE attack can occur when parsing am mws XML document in CCM before 22 allows XXE attacks via am mws XML document, leading
CVE-2022-43120 An XSS vulnerability in Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML.
This issue is rated as critical due to the possibility of remote code execution and the fact that it can be exploited via a maliciously
CVE-2022-40747 IBM InfoSphere Information Server is vulnerable to an XML External Entity Injection attack. An attacker could exploit this to reveal sensitive information or consume memory resources.
Information on possible vectors of attack and fixes can be found here. Information on possible vectors of attack and fixes can be found here. CVE-2018-3092
Episode
00:00:00
00:00:00