daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto Generated cves.json [Mon Apr 3 05:31:25 UTC 2023] 🤖

patch-1
GitHub Action 2023-04-03 05:31:25 +00:00
parent 7c15909a67
commit 65bab6e8e3
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cves.json
View File

@ -1507,7 +1507,7 @@
{"ID":"CVE-2022-26159","Info":{"Name":"Ametys CMS Information Disclosure","Severity":"medium","Description":"Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml (and similar pathnames for other languages) via the auto-completion plugin, which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-26159.yaml"}
{"ID":"CVE-2022-26233","Info":{"Name":"Barco Control Room Management Suite \u003c=2.9 Build 0275 - Local File Inclusion","Severity":"high","Description":"Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the \"GET /..\\..\" substring.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-26233.yaml"}
{"ID":"CVE-2022-26263","Info":{"Name":"Yonyou U8 13.0 - Cross-Site Scripting","Severity":"medium","Description":"Yonyou U8 13.0 contains a DOM-based cross-site scripting vulnerability via the component /u8sl/WebHelp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-26263.yaml"}
{"ID":"CVE-2022-2627","Info":{"Name":"Newspaper \u003c 12 - Cross-Site Scripting","Severity":"medium","Description":"The theme Newspaper does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2022/CVE-2022-2627.yaml"}
{"ID":"CVE-2022-2627","Info":{"Name":"Newspaper \u003c 12 - Cross-Site Scripting","Severity":"medium","Description":"The theme Newspaper does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-2627.yaml"}
{"ID":"CVE-2022-2633","Info":{"Name":"All In One Video Gallery Plugin - Unauthenticated Arbitrary File Download \u0026 SSRF vulnerability","Severity":"","Description":"Unauthenticated Arbitrary File Download \u0026 SSRF vulnerability in WordPress All In One Video Gallery Plugin (versions \u003c= 2.6.0).\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2022/CVE-2022-2633.yaml"}
{"ID":"CVE-2022-26352","Info":{"Name":"DotCMS - Arbitrary File Upload","Severity":"critical","Description":"DotCMS management system contains an arbitrary file upload vulnerability via the /api/content/ path which can allow attackers to upload malicious Trojans to obtain server permissions.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-26352.yaml"}
{"ID":"CVE-2022-26564","Info":{"Name":"HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting","Severity":"medium","Description":"HotelDruid Hotel Management Software 3.0.3 contains a cross-site scripting vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-26564.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
f50537d14af02688275f3f413db86592
9efccc5f00a1a3bc74b85206dfd41384