#windows

There is SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise and that may allow a remote, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected.

Aures Booking and POS Terminal suffers from a local privilege escalation vulnerability.

Webile version 1.0.1 suffers from multiple cross site scripting vulnerabilities.

Dooblou WiFi File Explorer version 1.13.3 suffers from multiple cross site scripting vulnerabilities.

Tiva Events Calender version 1.4 suffers from a persistent cross site scripting vulnerability.

Active Super Shop CMS version 2.5 suffers from an html injection vulnerability.

Boom CMS version 8.0.7 suffers from a cross site scripting vulnerability.

Microsoft Office 365 version 18.2305.1222.0 suffers from a remote code execution vulnerability when a malicious link is clicked on in a Word file.

Clip Share version 4.1.4 suffers from a cross site scripting vulnerability.

Ciuis CRM version 1.0.8 suffers from an add administrator vulnerability.