Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-47419 PUBLISHED: 2023-02-07
An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system.
CVE-2023-0713 PUBLISHED: 2023-02-07
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this f...
CVE-2023-0728 PUBLISHED: 2023-02-07
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder function. This makes it possible for unauthenticated attackers to invoke this function via forge...
CVE-2022-47413 PUBLISHED: 2023-02-07
Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS condition.
CVE-2022-47414 PUBLISHED: 2023-02-07
If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document "note" functionality.