Monthly Archive: March 2022

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin

Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin

Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions

SurveyKing v0.2.0 was discovered to retain users’ session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application. Date published :...

A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field....

ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user’s data. Attackers who are able to gain remote or local access to the system are...

A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file. Date published : 2022-03-25 http://douphp.com https://github.com/aqianhei/aqian/issues/1#issue-1142472278

TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request. Date published : 2022-03-25 http://typesettercms.com https://github.com/Typesetter/Typesetter/issues/697

Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user’s password hash using a specially crafted regular expression filter in...

Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno...

The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function `CheckAuthorization` is...

grpc-swift is the Swift language implementation of gRPC, a remote procedure call (RPC) framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This...

A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0. Date published : 2022-03-25 https://github.com/openemr https://securityforeveryone.com/blog/openemr-0-day-stored-cross-site-scripting-xss-vulnerability-cve-2022-24643