Auto Generated cves.json [Mon Apr 3 05:31:25 UTC 2023] 🤖
parent
7c15909a67
commit
65bab6e8e3
|
@ -1507,7 +1507,7 @@
|
||||||
{"ID":"CVE-2022-26159","Info":{"Name":"Ametys CMS Information Disclosure","Severity":"medium","Description":"Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml (and similar pathnames for other languages) via the auto-completion plugin, which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-26159.yaml"}
|
{"ID":"CVE-2022-26159","Info":{"Name":"Ametys CMS Information Disclosure","Severity":"medium","Description":"Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml (and similar pathnames for other languages) via the auto-completion plugin, which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-26159.yaml"}
|
||||||
{"ID":"CVE-2022-26233","Info":{"Name":"Barco Control Room Management Suite \u003c=2.9 Build 0275 - Local File Inclusion","Severity":"high","Description":"Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the \"GET /..\\..\" substring.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-26233.yaml"}
|
{"ID":"CVE-2022-26233","Info":{"Name":"Barco Control Room Management Suite \u003c=2.9 Build 0275 - Local File Inclusion","Severity":"high","Description":"Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the \"GET /..\\..\" substring.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-26233.yaml"}
|
||||||
{"ID":"CVE-2022-26263","Info":{"Name":"Yonyou U8 13.0 - Cross-Site Scripting","Severity":"medium","Description":"Yonyou U8 13.0 contains a DOM-based cross-site scripting vulnerability via the component /u8sl/WebHelp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-26263.yaml"}
|
{"ID":"CVE-2022-26263","Info":{"Name":"Yonyou U8 13.0 - Cross-Site Scripting","Severity":"medium","Description":"Yonyou U8 13.0 contains a DOM-based cross-site scripting vulnerability via the component /u8sl/WebHelp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-26263.yaml"}
|
||||||
{"ID":"CVE-2022-2627","Info":{"Name":"Newspaper \u003c 12 - Cross-Site Scripting","Severity":"medium","Description":"The theme Newspaper does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2022/CVE-2022-2627.yaml"}
|
{"ID":"CVE-2022-2627","Info":{"Name":"Newspaper \u003c 12 - Cross-Site Scripting","Severity":"medium","Description":"The theme Newspaper does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-2627.yaml"}
|
||||||
{"ID":"CVE-2022-2633","Info":{"Name":"All In One Video Gallery Plugin - Unauthenticated Arbitrary File Download \u0026 SSRF vulnerability","Severity":"","Description":"Unauthenticated Arbitrary File Download \u0026 SSRF vulnerability in WordPress All In One Video Gallery Plugin (versions \u003c= 2.6.0).\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2022/CVE-2022-2633.yaml"}
|
{"ID":"CVE-2022-2633","Info":{"Name":"All In One Video Gallery Plugin - Unauthenticated Arbitrary File Download \u0026 SSRF vulnerability","Severity":"","Description":"Unauthenticated Arbitrary File Download \u0026 SSRF vulnerability in WordPress All In One Video Gallery Plugin (versions \u003c= 2.6.0).\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2022/CVE-2022-2633.yaml"}
|
||||||
{"ID":"CVE-2022-26352","Info":{"Name":"DotCMS - Arbitrary File Upload","Severity":"critical","Description":"DotCMS management system contains an arbitrary file upload vulnerability via the /api/content/ path which can allow attackers to upload malicious Trojans to obtain server permissions.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-26352.yaml"}
|
{"ID":"CVE-2022-26352","Info":{"Name":"DotCMS - Arbitrary File Upload","Severity":"critical","Description":"DotCMS management system contains an arbitrary file upload vulnerability via the /api/content/ path which can allow attackers to upload malicious Trojans to obtain server permissions.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-26352.yaml"}
|
||||||
{"ID":"CVE-2022-26564","Info":{"Name":"HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting","Severity":"medium","Description":"HotelDruid Hotel Management Software 3.0.3 contains a cross-site scripting vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-26564.yaml"}
|
{"ID":"CVE-2022-26564","Info":{"Name":"HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting","Severity":"medium","Description":"HotelDruid Hotel Management Software 3.0.3 contains a cross-site scripting vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-26564.yaml"}
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
f50537d14af02688275f3f413db86592
|
9efccc5f00a1a3bc74b85206dfd41384
|
||||||
|
|