Auto Generated cves.json [Tue Feb 14 18:59:37 UTC 2023] 🤖

patch-1
GitHub Action 2023-02-14 18:59:37 +00:00
parent 1666ee596e
commit c4ef4a29b5
1 changed files with 1 additions and 0 deletions


@ -1450,6 +1450,7 @@
{"ID":"CVE-2022-28363","Info":{"Name":"Reprise License Manager 14.2 - Cross-Site Scripting","Severity":"medium","Description":"Reprise License Manager 14.2 contains a reflected cross-site scripting vulnerability in the /goform/login_process 'username' parameter via GET, whereby no authentication is required.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-28363.yaml"}
{"ID":"CVE-2022-28365","Info":{"Name":"Reprise License Manager 14.2 - Information Disclosure","Severity":"medium","Description":"Reprise License Manager 14.2 is susceptible to information disclosure via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture and file/directory information. An attacker can possibly obtain further sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-28365.yaml"}
{"ID":"CVE-2022-2863","Info":{"Name":"WordPress WPvivid Backup \u003c0.9.76 - Local File Inclusion","Severity":"medium","Description":"WordPress WPvivid Backup version 0.9.76 is vulnerable to local file inclusion because the plugin does not sanitize and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server.","Classification":{"CVSSScore":"4.9"}},"file_path":"cves/2022/CVE-2022-2863.yaml"}
{"ID":"CVE-2022-28923","Info":{"Name":"Caddy 2.4.6 Open Redirect","Severity":"medium","Description":"Caddy version 2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-28923.yaml"}
{"ID":"CVE-2022-28955","Info":{"Name":"D-Link DIR-816L - Improper Access Control","Severity":"high","Description":"D-Link DIR-816L_FW206b01 is susceptible to improper access control. An attacker can access folders folder_view.php and category_view.php and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-28955.yaml"}
{"ID":"CVE-2022-29004","Info":{"Name":"Diary Management System 1.0 - Cross-Site Scripting","Severity":"medium","Description":"Diary Management System 1.0 contains a cross-site scripting vulnerability via the Name parameter in search-result.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-29004.yaml"}
{"ID":"CVE-2022-29005","Info":{"Name":"Online Birth Certificate System 1.2 - Stored Cross-Site Scripting","Severity":"medium","Description":"Online Birth Certificate System 1.2 contains multiple stored cross-site scripting vulnerabilities in the component /obcs/user/profile.php, which allows an attacker to execute arbitrary web script or HTML via a crafted payload injected into the fname or lname parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-29005.yaml"}