Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-25855PUBLISHED: 2023-02-06All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.
CVE-2022-25853PUBLISHED: 2023-02-06All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization.
CVE-2017-20176PUBLISHED: 2023-02-06
A vulnerability classified as problematic was found in ciubotaru share-on-diaspora 0.7.9. This vulnerability affects unknown code of the file new_window.php. The manipulation of the argument title/url leads to cross site scripting. The attack can be initiated remotely. The name of the patch is fb6fa...
CVE-2014-12508PUBLISHED: 2023-02-06
A vulnerability has been found in Gimmie Plugin 1.2.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file trigger_login.php. The manipulation of the argument userid leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The na...
CVE-2014-12508PUBLISHED: 2023-02-06
A vulnerability, which was classified as critical, has been found in Gimmie Plugin 1.2.2. This issue affects some unknown processing of the file trigger_referral.php. The manipulation of the argument referrername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The n...
User Rank: Moderator
9/3/2014 | 3:33:25 PM
It's a fine line, but a well understood distinction, especially in a legal liability sense. As with many things legal, check your intuition and sensibilities at the courthouse door.
That being said, I agree that it has definitely emerged to be in the best interest of the Fanchisor to, at the very least, specify security requirements (and probably enshrine it in the franchise agreement). The Franchisors could just as easily revoke the offending Franchisees to protect their reputation. In the vein of "every problem is an opportunity," the smart play would be for a Franchisor to impose security across the Franchise and provide value add to the Franchisees, as well as turn this into a feature of the Franchise -- great service and secure purchases now at *all* UPS Stores.