CVE-2022-31897
SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=.
Source: CVE-2022-31897
[월:] 2022년 06월
CVE-2022-28803
CVE-2022-28803
In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR).
Source: CVE-2022-28803
CVE-2022-29269
CVE-2022-29269
In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address.
Source: CVE-2022-29269
CVE-2022-31266
CVE-2022-31266
In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts.
Source: CVE-2022-31266
CVE-2022-29270
CVE-2022-29270
In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address.
Source: CVE-2022-29270
CVE-2022-29271
CVE-2022-29271
In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks.
Source: CVE-2022-29271
CVE-2022-32532
CVE-2022-32532
Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
Source: CVE-2022-32532
CVE-2022-31884
CVE-2022-31884
Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys.
Source: CVE-2022-31884
CVE-2022-31887
CVE-2022-31887
Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user’s password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator password.
Source: CVE-2022-31887