CVE-2022-43717
Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
Source: CVE-2022-43717
CVE-2022-43718
Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
Source: CVE-2022-43718
CVE-2016-15020
A vulnerability was found in liftkit database up to 2.13.1. It has been classified as critical. This affects the function processOrderBy of the file src/Query/Query.php. The manipulation leads to sql injection. Upgrading to version 2.13.2 is able to address this issue. The name of the patch is 42ec8f2b22e0b0b98fb5b4444ed451c1b21d125a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218391.
Source: CVE-2016-15020
CVE-2010-10005
A vulnerability was found in msmania poodim. It has been declared as critical. This vulnerability affects unknown code of the component Command Line Argument Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The name of the patch is 6340d5d2c81e55e61522c4b40a6cdd5c39738cc6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218392.
Source: CVE-2010-10005
CVE-2022-4258
In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system.
Source: CVE-2022-4258
CVE-2023-0316
Path Traversal: ‘..filename’ in GitHub repository froxlor/froxlor prior to 2.0.0.
Source: CVE-2023-0316
CVE-2023-0315
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
Source: CVE-2023-0315
CVE-2023-0314
Cross-site Scripting (XSS) – Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
Source: CVE-2023-0314
CVE-2023-0311
Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
Source: CVE-2023-0311
CVE-2023-0312
Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
Source: CVE-2023-0312