CVE-2022-3765
Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
Source: CVE-2022-3765
[월:] 2022년 10월
CVE-2022-40742
CVE-2022-40742
Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.
Source: CVE-2022-40742
CVE-2022-40741
CVE-2022-40741
Mail SQR Expert’s specific function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to perform arbitrary system command and disrupt service.
Source: CVE-2022-40741
CVE-2022-39022
CVE-2022-39022
U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file.
Source: CVE-2022-39022
CVE-2022-39023
CVE-2022-39023
U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file.
Source: CVE-2022-39023
CVE-2022-39024
CVE-2022-39024
U-Office Force Bulletin function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack.
Source: CVE-2022-39024
CVE-2022-39026
CVE-2022-39026
U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack.
Source: CVE-2022-39026
CVE-2022-39025
CVE-2022-39025
U-Office Force PrintMessage function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack.
Source: CVE-2022-39025
CVE-2022-40739
CVE-2022-40739
Ragic report generation page has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript to perform XSS (Reflected Cross-Site Scripting) attack.
Source: CVE-2022-40739
CVE-2022-39027
CVE-2022-39027
U-Office Force Forum function has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack.
Source: CVE-2022-39027