CVE-2021-23266
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.
Source: CVE-2021-23266
CVE-2021-23266
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.
Source: CVE-2021-23266
CVE-2021-33318
An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets.
Source: CVE-2021-33318
CVE-2022-1713
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
Source: CVE-2022-1713
CVE-2022-30523
Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the affected machine.
Source: CVE-2022-30523
CVE-2022-1557
The ULeak Security & Monitoring WordPress plugin through 1.2.3 does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow any authenticated users such as subscriber to perform Stored Cross-Site Scripting attacks against admins viewing the settings
Source: CVE-2022-1557
CVE-2022-1721
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.
Source: CVE-2022-1721
CVE-2022-1722
SSRF in editor’s proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses
Source: CVE-2022-1722
CVE-2022-1726
Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties.
Source: CVE-2022-1726
CVE-2022-1560
The Amministrazione Aperta WordPress plugin through 3.7.3 does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal error when accessed directly and the affected code is not reached. The issue can be exploited via the dashboard when logged in as an admin, or by making a logged in admin open a malicious link
Source: CVE-2022-1560
CVE-2022-1728
Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.
Source: CVE-2022-1728