CWE:
 

Title
Date
Author
Low
WordPress 5.1.1 Slider Revolution 4.6.5 UpdateCaptionsCSS Remote Content Injection
21.03.2019
KingSkrupellos


Common Weakness Enumeration (CWE)

CVE
Details
Description
2022-11-23
Waiting for details
CVE-2022-41934

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki, leading to full access to the XWiki installation, due to improper escaping of the macro content and parameters of the menu macro. The problem has been patched in XWiki 14.6RC1, 13.10.8 and 14.4.3. The patch (commit `2fc20891`) for the document `Menu.MenuMacro` can be manually applied, or a XAR archive of a patched version can be imported. The menu macro was basically unchanged since XWiki 11.6, so on XWiki 11.6 or later the patch for version 13.10.8 (commit `59ccca24a`) can most likely be applied; on XWiki 14.0 and later, the versions in XWiki 14.6 and 14.4.3 should be appropriate.

 
2022-11-20
Waiting for details
CVE-2022-4085

A vulnerability was found in Top Infosoft Visitor Details Plugin and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214052.

 
Waiting for details
CVE-2022-4084

A vulnerability has been found in Activity Log Plugin and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214051.

 
Waiting for details
CVE-2022-4083

A vulnerability, which was classified as problematic, was found in MyTechTalky User Location and IP Plugin. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214050 is the identifier assigned to this vulnerability.

 
Waiting for details
CVE-2022-4082

A vulnerability, which was classified as problematic, has been found in Solwin Infotech User Activity Log Plugin. This issue affects some unknown processing of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214049 was assigned to this vulnerability.

 
Waiting for details
CVE-2022-4081

A vulnerability classified as problematic was found in getseofix Show Visitor IP Address Widget and Shortcode Plugin. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214048.

 
Waiting for details
CVE-2022-4080

A vulnerability classified as problematic has been found in Opal Login History Plugin. This affects an unknown part of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214047.

 
Waiting for details
CVE-2022-4078

A vulnerability was found in IP Location Block Plugin. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214045 was assigned to this vulnerability.

 
Waiting for details
CVE-2022-4077

A vulnerability was found in Yellow Tree Geolocation IP Detection Plugin. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214044.

 
Waiting for details
CVE-2022-4079

A vulnerability was found in Show Visitor IP Plugin. It has been rated as problematic. Affected by this issue is some unknown functionality of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214046 is the identifier assigned to this vulnerability.

 

 


Copyright 2022, cxsecurity.com

 
