Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-48116 | PUBLISHED: 2023-01-27 | AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php.
CVE-2022-48118 | PUBLISHED: 2023-01-27 | Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter.
CVE-2022-32472 | PUBLISHED: 2023-01-27 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2022-32952 | PUBLISHED: 2023-01-27 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2021-41231 | PUBLISHED: 2023-01-27 | OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue.