Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

Library Management System With QR Code 1.0 Cross Site Scripting

Library Management System with QR Code version 1.0 suffers from a persistent cross site scripting vulnerability.

Packet Storm
Open in Source
#xss#vulnerability#web#windows#apple#git#php#auth#chrome#webkit
Library Management System With QR Code 1.0 Shell Upload

Library Management System with QR Code version 1.0 suffers from a remote shell upload vulnerability.

WSO2 Management Console Cross Site Scripting

WSO2 Management Console suffers from a cross site scripting vulnerability. Many different product versions are affected.

CVE-2022-2212: CVE/POC.md at main · CyberThoth/CVE

A vulnerability was found in SourceCodester Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the component /card/index.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2022-2214: CVE/POC.md at main · CyberThoth/CVE

A vulnerability was found in SourceCodester Library Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /librarian/bookdetails.php. The manipulation of the argument id with the input ' AND (SELECT 9198 FROM (SELECT(SLEEP(5)))iqZA)-- PbtB leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2022-2213: CVE/POC.md at main · CyberThoth/CVE

A vulnerability was found in SourceCodester Library Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_admin_details.php?id=admin. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2022-34491: ⚓ T307028 XSS in Extension:RSS when $wgRSSAllowLinkTag = true;

In the RSS extension for MediaWiki through 1.38.1, when the $wgRSSAllowLinkTag config variable was set to true, and a new RSS feed was created with certain XSS payloads within its description tags and added to the $wgRSSUrlWhitelist config variable, stored XSS could occur via MediaWiki's template system whenever that feed was loaded via the rss document tag.

CVE-2022-33121: There is CSRF vulnerabilities that can lead to deleting local .dat files · Issue #45 · bg5sbk/MiniCMS

A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link.

CVE-2022-33639: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.