CVE-2022-42110 An XSS vulnerability in Liferay Portal and Liferay DXP allows remote attackers to inject arbitrary web script.
When creating a new Announcement, the application does not properly sanitize user-supplied input, resulting in XSS. When editing an existing Announcement, the application does not
CVE-2022-43689 Concrete CMS is vulnerable to XXE DNS requests that disclose IPs.
Requesting the MX hostname record for a subdomain leading to the server’s public IP address, for instance
www.example.com
results in the delivery
CVE-2022-45194 CBRN-Analysis before 22 allows XXE attacks, leading to NTLMv2-SSP hash disclosure.
CVE-2016-3626 An XXE attack can occur when parsing am mws XML document in CCM before 22 allows XXE attacks via am mws XML document, leading
CVE-2022-27233 - Understanding the XML Injection Flaw in Intel® Quartus Prime Programmer
> _On May 2022, Intel issued an advisory about CVE-2022-27233, detailing a critical XML injection vulnerability in the Quartus® Prime Programmer - a popular FPGA
CVE-2022-43120 An XSS vulnerability in Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML.
This issue is rated as critical due to the possibility of remote code execution and the fact that it can be exploited via a maliciously
Episode
00:00:00
00:00:00