Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-125006 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function output_frame of the file libavcodec/h264.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125004 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been found in FFmpeg 2.0 and classified as problematic. This vulnerability affects the function decode_hextile of the file libavcodec/vmnc.c. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125003 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function get_siz of the file libavcodec/jpeg2000dec.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125002 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125009 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function add_yblock of the file libavcodec/snow.h. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125008 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability classified as problematic has been found in FFmpeg 2.0. Affected is the function vorbis_header of the file libavformat/oggparsevorbis.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125010 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function decode_slice_header of the file libavcodec/h64.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125012 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is an unknown function of the file libavcodec/dxtroy.c. The manipulation leads to integer coercion error. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2022-26668 | 1 Asus | 1 Control Center | 2022-06-27 | 6.4 MEDIUM | 6.5 MEDIUM |
| ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service. | |||||
| CVE-2014-125013 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function msrle_decode_frame of the file libavcodec/msrle.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2022-26669 | 1 Asus | 1 Control Center | 2022-06-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data. | |||||
| CVE-2014-125014 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is an unknown functionality of the component HEVC Video Decoder. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125016 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in FFmpeg 2.0. It has been rated as problematic. This issue affects the function ff_init_buffer_info of the file utils.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2022-31734 | 1 Cisco | 4 Ws-c2940-8tf-s, Ws-c2940-8tf-s Firmware, Ws-c2940-8tt-s and 1 more | 2022-06-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** Unsupported When Assigned ** Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the web browser of the user who is using the product. The affected firmware is prior to 12.2(50)SY released in 2011, and Cisco Catalyst 2940 Series Switches have been retired since January 2015. | |||||
| CVE-2022-25772 | 1 Acquia | 1 Mautic | 2022-06-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript | |||||
| CVE-2022-2085 | 2 Artifex, Fedoraproject | 2 Ghostscript, Fedora | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash. | |||||
| CVE-2022-32983 | 1 Nic | 1 Knot Resolver | 2022-06-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters. | |||||
| CVE-2021-33295 | 1 Joplin Project | 1 Joplin | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html. | |||||
| CVE-2021-36608 | 1 Webtareas Project | 1 Webtareas | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /projects/editproject.php. | |||||
| CVE-2021-36609 | 1 Webtareas Project | 1 Webtareas | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php. | |||||
| CVE-2022-20736 | 1 Cisco | 1 Appdynamics Controller | 2022-06-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. This vulnerability is due to improper authorization checking for HTTP requests that are submitted to the affected web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected instance of AppDynamics Controller. A successful exploit could allow the attacker to access the login page for an administrative console. AppDynamics has released software updates that address this vulnerability. | |||||
| CVE-2018-14048 | 2 Libpng, Oracle | 3 Libpng, Jdk, Jre | 2022-06-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image. | |||||
| CVE-2018-13785 | 4 Canonical, Libpng, Oracle and 1 more | 7 Ubuntu Linux, Libpng, Jdk and 4 more | 2022-06-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. | |||||
| CVE-2017-10081 | 3 Debian, Netapp, Oracle | 19 Debian Linux, Active Iq Unified Manager, Cloud Backup and 16 more | 2022-06-27 | 4.3 MEDIUM | 4.3 MEDIUM |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). | |||||
| CVE-2018-2973 | 4 Hp, Netapp, Oracle and 1 more | 20 Xp7 Command View, Active Iq Unified Manager, Cloud Backup and 17 more | 2022-06-27 | 4.3 MEDIUM | 5.9 MEDIUM |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). | |||||
| CVE-2018-3180 | 5 Canonical, Debian, Hp and 2 more | 14 Ubuntu Linux, Debian Linux, Xp7 Command View and 11 more | 2022-06-27 | 6.8 MEDIUM | 5.6 MEDIUM |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). | |||||
| CVE-2018-3211 | 1 Oracle | 2 Jdk, Jre | 2022-06-27 | 3.3 LOW | 6.6 MEDIUM |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serviceability). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). This vulnerability can only be exploited when Java Usage Tracker functionality is being used. CVSS 3.0 Base Score 6.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N). | |||||
| CVE-2017-10053 | 5 Debian, Netapp, Oracle and 2 more | 28 Debian Linux, Active Iq Unified Manager, Cloud Backup and 25 more | 2022-06-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2019-5065 | 1 Blynk | 1 Blynk-library | 2022-06-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| An exploitable information disclosure vulnerability exists in the packet-parsing functionality of Blynk-Library v0.6.1. A specially crafted packet can cause an unterminated strncpy, resulting in information disclosure. An attacker can send a packet to trigger this vulnerability. | |||||
| CVE-2019-5034 | 1 Google | 2 Nest Cam Iq Indoor, Nest Cam Iq Indoor Firmware | 2022-06-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets to trigger this vulnerability. | |||||
| CVE-2019-5070 | 1 Epignosishq | 1 Efront Lms | 2022-06-27 | 6.4 MEDIUM | 6.5 MEDIUM |
| An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. | |||||
| CVE-2018-3214 | 5 Canonical, Debian, Hp and 2 more | 14 Ubuntu Linux, Debian Linux, Xp7 Command View and 11 more | 2022-06-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2019-5094 | 5 Canonical, Debian, E2fsprogs Project and 2 more | 6 Ubuntu Linux, Debian Linux, E2fsprogs and 3 more | 2022-06-27 | 4.6 MEDIUM | 6.7 MEDIUM |
| An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. | |||||
| CVE-2021-36827 | 1 Ninjaforms | 1 Ninja Forms | 2022-06-27 | 3.5 LOW | 4.8 MEDIUM |
| Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via "label". | |||||
| CVE-2022-31294 | 1 Online Discussion Forum Site Project | 1 Online Discussion Forum Site | 2022-06-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts. | |||||
| CVE-2022-31301 | 1 Angtech | 1 Haraj | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| Haraj v3.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Post Ads component. | |||||
| CVE-2022-31060 | 1 Discourse | 1 Discourse | 2022-06-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Discourse is an open-source discussion platform. Prior to version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches of Discourse. As a workaround, one may disable banners. | |||||
| CVE-2021-41420 | 1 Maianmedia | 1 Maianaffiliate | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker for arbitrary JavaScript code execution in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel. | |||||
| CVE-2022-31589 | 1 Sap | 3 Erp Financial Accounting, Erp Localization For Cee Countries, S\/4hana | 2022-06-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted. | |||||
| CVE-2022-31300 | 1 Angtech | 1 Haraj | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | |||||
| CVE-2022-31298 | 1 Angtech | 1 Haraj | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | |||||
| CVE-2021-41458 | 1 Gpac | 1 Mp4box | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability. | |||||
| CVE-2021-41663 | 1 1234n | 1 Minicms | 2022-06-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11. The vulnerability exists in the article upload: post-edit.php page. | |||||
| CVE-2022-29455 | 1 Elementor | 1 Website Builder | 2022-06-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions. | |||||
| CVE-2021-46811 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-06-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information. | |||||
| CVE-2016-1229 | 1 Humhub | 1 Humhub | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2022-30533 | 1 Webnus | 1 Modern Events Calendar Lite | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2022-31906 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2022-06-27 | 3.5 LOW | 4.8 MEDIUM |
| Online Fire Reporting System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ofrs/classes/Master.php. | |||||
| CVE-2022-31910 | 1 Online Tutor Portal Site Project | 1 Online Tutor Portal Site | 2022-06-27 | 3.5 LOW | 4.8 MEDIUM |
| Online Tutor Portal Site v1.0 is vulnerable to Cross Site Scripting (XSS). via /otps/classes/Master.php. | |||||
| CVE-2022-31913 | 1 Online Discussion Forum Site Project | 1 Online Discussion Forum Site | 2022-06-27 | 3.5 LOW | 4.8 MEDIUM |
| Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /odfs/classes/Master.php?f=save_category, name. | |||||