• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-23051
2022-03-10
N/A
5.4 MEDIUM
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svg_file' parameter.
CVE-2022-23050
Manageengine Applications Manager, Zohocorp
Manageengine_adselfservice_plus, Application_control_plus, Desktop_central, Firewall_analyzer, Log360, Manageengine_access_manager_plus, Manageengine_ad360, Manageengine_adaudit_plus, Manageengine_admanager_plus, Manageengine_analytics_plus
2022-06-08
N/A
7.2 HIGH
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
CVE-2022-2305
2022-08-05
N/A
4.8 MEDIUM
The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2022-23049
2022-02-17
N/A
5.4 MEDIUM
Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session.
CVE-2022-23048
2022-02-17
N/A
7.2 HIGH
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execute commands.
CVE-2022-23047
2022-02-16
N/A
4.8 MEDIUM
Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configure_site"
CVE-2022-23046
2022-02-11
N/A
7.2 HIGH
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php
CVE-2022-23045
2022-01-25
N/A
4.8 MEDIUM
PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings. The "Site title" setting is injected in several locations which triggers the XSS.
CVE-2022-23044
2023-02-01
N/A
8.8 HIGH
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to CSRF.
CVE-2022-23043
2022-03-03
N/A
7.2 HIGH
Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server.
« Previous 1 … 10,619 10,620 10,621 10,622 10,623 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE