Total
224 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3992 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2024-11-21 | N/A | 2.4 LOW |
| A vulnerability classified as problematic was found in SourceCodester Sanitization Management System. Affected by this vulnerability is an unknown functionality of the file admin/?page=system_info of the component Banner Image Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-213571. | |||||
| CVE-2022-3988 | 1 Frappe | 1 Frappe | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability was found in Frappe. It has been rated as problematic. Affected by this issue is some unknown functionality of the file frappe/templates/includes/navbar/navbar_search.html of the component Search. The manipulation of the argument q leads to cross site scripting. The attack may be launched remotely. The name of the patch is bfab7191543961c6cb77fe267063877c31b616ce. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213560. | |||||
| CVE-2022-3975 | 1 Nukeviet | 1 Nukeviet | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting. The attack may be launched remotely. Upgrading to version 4.5 is able to address this issue. The name of the patch is 0b3197fad950bb3383e83039a8ee4c9509b3ce02. It is recommended to upgrade the affected component. VDB-213554 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3973 | 1 Hms-php Project | 1 Hms-php | 2024-11-21 | N/A | 7.3 HIGH |
| A vulnerability classified as critical has been found in Pingkon HMS-PHP. Affected is an unknown function of the file /admin/admin.php of the component Data Pump Metadata. The manipulation of the argument uname/pass leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213552. | |||||
| CVE-2022-3972 | 1 Hms-php Project | 1 Hms-php | 2024-11-21 | N/A | 7.3 HIGH |
| A vulnerability was found in Pingkon HMS-PHP. It has been rated as critical. This issue affects some unknown processing of the file admin/adminlogin.php. The manipulation of the argument uname/pass leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213551. | |||||
| CVE-2022-3971 | 1 Matrix | 1 Matrix Irc Bridge | 2024-11-21 | N/A | 4.6 MEDIUM |
| A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to address this issue. The name of the patch is 179313a37f06b298150edba3e2b0e5a73c1415e7. It is recommended to upgrade the affected component. VDB-213550 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3968 | 1 Emlog | 1 Emlog | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability has been found in emlog and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/article_save.php. The manipulation of the argument tag leads to cross site scripting. The attack can be launched remotely. The name of the patch is 5bf7a79826e0ea09bcc8a21f69a0c74107761a02. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213547. | |||||
| CVE-2022-3967 | 1 Vestacp | 1 Control Panel | 2024-11-21 | N/A | 5.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file func/main.sh of the component sed Handler. The manipulation leads to argument injection. An attack has to be approached locally. The name of the patch is 39561c32c12cabe563de48cc96eccb9e2c655e25. It is recommended to apply a patch to fix this issue. VDB-213546 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3963 | 1 Sir | 1 Gnuboard | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability was found in gnuboard5. It has been classified as problematic. Affected is an unknown function of the file bbs/faq.php of the component FAQ Key ID Handler. The manipulation of the argument fm_id leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 5.5.8.2.1 is able to address this issue. The name of the patch is ba062ca5b62809106d5a2f7df942ffcb44ecb5a9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213540. | |||||
| CVE-2022-3956 | 1 Hhims Project | 1 Hhims | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in tsruban HHIMS 2.1. Affected is an unknown function of the component Patient Portrait Handler. The manipulation of the argument PID leads to sql injection. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-213462 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3955 | 1 Crm42 Project | 1 Crm42 | 2024-11-21 | N/A | 7.3 HIGH |
| A vulnerability was found in tholum crm42. It has been rated as critical. This issue affects some unknown processing of the file crm42\class\class.user.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213461 was assigned to this vulnerability. | |||||
| CVE-2022-3950 | 1 Publiccms | 1 Publiccms | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9b1c94aea2d84478bf26283904c21e4ca2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213456. | |||||
| CVE-2022-3949 | 1 Simple Cashiering System Project | 1 Simple Cashiering System | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in Sourcecodester Simple Cashiering System. This issue affects some unknown processing of the component User Account Handler. The manipulation of the argument fullname leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-213455. | |||||
| CVE-2022-3948 | 1 Eolink | 1 Goku Lite | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability classified as critical was found in eolinker goku_lite. This vulnerability affects unknown code of the file /plugin/getList. The manipulation of the argument route/keyword leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-213454 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3947 | 1 Eolink | 1 Goku Lite | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in eolinker goku_lite. This affects an unknown part of the file /balance/service/list. The manipulation of the argument route/keyword leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213453 was assigned to this vulnerability. | |||||
| CVE-2022-3943 | 1 Foru Cms Project | 1 Foru Cms | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability was found in ForU CMS. It has been classified as problematic. Affected is an unknown function of the file cms_chip.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213450 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3942 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. This issue affects some unknown processing of the file php-sms/?p=request_quote. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-213449 was assigned to this vulnerability. | |||||
| CVE-2022-3941 | 1 Activity Log Project | 1 Activity Log | 2024-11-21 | N/A | 5.3 MEDIUM |
| A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213448. | |||||
| CVE-2022-3878 | 1 Maxonerp | 1 Maxon | 2024-11-21 | N/A | 7.3 HIGH |
| A vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part of the file /index.php/purchase_order/browse_data. The manipulation of the argument tb_search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213039. | |||||
| CVE-2022-3877 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected is an unknown function of the component URL Field Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-216246 is the identifier assigned to this vulnerability. | |||||