Cross-site Scripting (XSS) – Stored in GitHub repository librenms/librenms prior to 22.10.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-3516
https://github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c
https://huntr.d…
Cross-site Scripting (XSS) – Generic in GitHub repository librenms/librenms prior to 22.10.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-4069
https://github.com/librenms/librenms/commit/8383376f1355812e09ec0c2af67f6d46891b7ba7
https://huntr….
Impact
Users using the VelaUX APIServer could be affected by this vulnerability.
When using Helm Chart as the component delivery method, the request address of the warehouse is not restricted, and there is a blind SSRF vulnerability.
Patches
For users …
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-4018
https://github.com/ikus060/rdiffweb/commit/f2a32f2a9f3fb8be1a9432ac3d81d3aacdb13095
https://…
Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories. Users with write permissions to a repository can delete arbitrary directories.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-40309
https://lists.apache….
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS – user can cause an administrator to trigger reflected XSS with a url if the targeted administrator is using an old browser that lacks XSS protect…
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-43694
https://documentation.co…
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
References
https://nvd.nist.gov/vuln/…
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
References
https://nvd.nist.gov/v…
In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load).
References
https://nvd.nist.gov/vuln/detail/CVE-2022-43686
https://documentati…
