Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-47419 PUBLISHED: 2023-02-07
An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system.
CVE-2023-0713 PUBLISHED: 2023-02-07
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this f...
CVE-2023-0728 PUBLISHED: 2023-02-07
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder function. This makes it possible for unauthenticated attackers to invoke this function via forge...
CVE-2022-47413 PUBLISHED: 2023-02-07
Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS condition.
CVE-2022-47414 PUBLISHED: 2023-02-07
If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document "note" functionality.
User Rank: Ninja
8/27/2016 | 8:32:26 AM
two things need to change:
1. product liability law;
2. processing: (a) use a Secure OS; and (b) use Public Key Encryption for authentications;
commercial interests laugh and claim nobody wants to be bothered; ask anyone who's had their card compromised; you'll get a different answer;
this is why #1 (above) needs to be a change in product liability; otherwise the makers of commercial software simply can't be bothered;
it's an uphill battle though: there's a lot of loose money out on K-Street;