Security
Headlines
HeadlinesLatestCVEs

Tag

#firefox

CVE-2022-42753: SalonERP 3.0.2 - XSS to Account Takeover | Advisories | Fluid Attacks

SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks.

CVE
Open in Source
#xss#vulnerability#linux#php#auth#firefox
CVE-2022-43066: bug_report/SQLi-2.md at main · wang1213884/bug_report

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Master.php?f=delete_message.

CVE-2022-43068: bug_report/SQLi-1.md at main · wang1213884/bug_report

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation.

CVE-2022-39353: Missing error for XML documents with multiple root element nodes · Issue #150 · jindw/xmldom

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led to issuance of CVE-2022-39299 as it is a potential issue for dependents. Update to @xmldom/xmldom@~0.7.7, @xmldom/xmldom@~0.8.4 (dist-tag latest) or @xmldom/xmldom@>=0.9.0-beta.4 (dist-tag next). As a workaround, please one of the following approaches depending on your use case: instead of searching for elements in the whole DOM, only search in the `documentElement`or reject a document with a document that has more then 1 `childNode`.

CVE-2022-43227: bug_report/SQLi-2.md at main · Happyd99/bug_report

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/admin/?page=appointments/view_appointment.

CVE-2022-43226: bug_report/SQLi-1.md at main · Happyd99/bug_report

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/?page=appointments/view_appointment.

CVE-2022-41551: bug_report/SQLi-1.md at main · Happyd99/bug_report

Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editorder.php.

OpenSSL Released Patch for High-Severity Vulnerability Detected Last Week

By Deeba Ahmed The OpenSSL vulnerability was first categorized as critical and later as a high-severity buffer overflow bug that impacted all OpenSSL 3.x installations. This is a post from HackRead.com Read the original post: OpenSSL Released Patch for High-Severity Vulnerability Detected Last Week

The Sky Is Not Falling: Disclosed OpenSSL Bugs Are Serious but Not Critical

Organizations should update to the latest encryption (version 3.0.7) as soon as possible, but there's no need for Heartbleed-like panic, security experts say.

CVE-2022-43331: bug_report/SQLi-3.md at main · YReyi/bug_report

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php_action/printOrder.php.