diff --git a/cves.json b/cves.json
index f41ac61e04..be5bccdb74 100644
--- a/cves.json
+++ b/cves.json
@@ -1507,7 +1507,7 @@ {"ID":"CVE-2022-26159","Info":{"Name":"Ametys CMS Information Disclosure","Severity":"medium","Description":"Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml (and similar pathnames for other languages) via the auto-completion plugin, which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-26159.yaml"} {"ID":"CVE-2022-26233","Info":{"Name":"Barco Control Room Management Suite \u003c=2.9 Build 0275 - Local File Inclusion","Severity":"high","Description":"Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the \"GET /..\\..\" substring.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-26233.yaml"} {"ID":"CVE-2022-26263","Info":{"Name":"Yonyou U8 13.0 - Cross-Site Scripting","Severity":"medium","Description":"Yonyou U8 13.0 contains a DOM-based cross-site scripting vulnerability via the component /u8sl/WebHelp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. 
This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-26263.yaml"} -{"ID":"CVE-2022-2627","Info":{"Name":"Newspaper \u003c 12 - Cross-Site Scripting","Severity":"medium","Description":"The theme Newspaper does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2022/CVE-2022-2627.yaml"} +{"ID":"CVE-2022-2627","Info":{"Name":"Newspaper \u003c 12 - Cross-Site Scripting","Severity":"medium","Description":"The theme Newspaper does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-2627.yaml"} {"ID":"CVE-2022-2633","Info":{"Name":"All In One Video Gallery Plugin - Unauthenticated Arbitrary File Download \u0026 SSRF vulnerability","Severity":"","Description":"Unauthenticated Arbitrary File Download \u0026 SSRF vulnerability in WordPress All In One Video Gallery Plugin (versions \u003c= 2.6.0).\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2022/CVE-2022-2633.yaml"} {"ID":"CVE-2022-26352","Info":{"Name":"DotCMS - Arbitrary File Upload","Severity":"critical","Description":"DotCMS management system contains an arbitrary file upload vulnerability via the /api/content/ path which can allow attackers to upload malicious Trojans to obtain server permissions.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-26352.yaml"} {"ID":"CVE-2022-26564","Info":{"Name":"HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting","Severity":"medium","Description":"HotelDruid Hotel Management Software 3.0.3 contains a cross-site scripting vulnerability via the prezzoperiodo4 parameter in 
creaprezzi.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-26564.yaml"}
diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt
index 94a05487ed..aaa5ca9903 100644
--- a/cves.json-checksum.txt
+++ b/cves.json-checksum.txt
@@ -1 +1 @@
-f50537d14af02688275f3f413db86592
+9efccc5f00a1a3bc74b85206dfd41384