CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5192 – Excessive Data Query Operations in a Large Data Table in pimcore/demo
https://notcve.org/view.php?id=CVE-2023-5192
Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo prior to 10.3.0. Operaciones excesivas de consulta de datos en una tabla de datos grande en el repositorio de GitHub pimcore/demo antes de 10.3.0. • https://github.com/pimcore/demo/commit/a2a7ff3b565882aefb759804aac4a51afb458f1f https://huntr.dev/bounties/65c954f2-79c3-4672-8846-a3035e7a1db7 • CWE-1049: Excessive Data Query Operations in a Large Data Table •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-29777
https://notcve.org/view.php?id=CVE-2022-29777
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h. Se ha detectado que Onlyoffice Document Server versiones v6.0.0 y anteriores y Core versiones 6.1.0.26 y anteriores, contienen un desbordamiento de pila por medio del componente DesktopEditor/fontengine/fontconverter/FontFileBase.h • https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md#601 https://github.com/ONLYOFFICE/core/commit/b17d5e860f30e8be2caeb0022b63be4c76660178 https://github.com/moehw/poc_exploits/tree/master/CVE-2022-29777 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-29776
https://notcve.org/view.php?id=CVE-2022-29776
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp. Se ha detectado que Onlyoffice Document Server versiones v6.0.0 y anteriores y Core versiones 6.1.0.26 y anteriores, contenían un desbordamiento de pila por medio del componente DesktopEditor/common/File.cpp • https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md#601 https://github.com/ONLYOFFICE/core/commit/88cf60a3ed4a2b40d71a1c2ced72fa3902a30967 https://github.com/moehw/poc_exploits/tree/master/CVE-2022-29776 • CWE-787: Out-of-bounds Write •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2021-38144
https://notcve.org/view.php?id=CVE-2021-38144
An issue was discovered in Form Tools through 3.0.20. A low-privileged user can trigger Reflected XSS when a viewing a form via the submission_id parameter, e.g., clients/forms/edit_submission.php?form_id=1&view_id=1&submission_id=[XSS]. Se ha detectado un problema en Form Tools versiones hasta 3.0.20. Un usuario poco privilegiado puede desencadenar un ataque de tipo XSS Reflejado cuando visualiza un formulario por medio del parámetro submission_id, por ejemplo, clients/forms/edit_submission.php? • https://bernardofsr.github.io/blog/2021/form-tools https://github.com/bernardofsr/CVEs-With-PoC/blob/main/PoCs/Form%20Tools/README.md https://github.com/formtools/core https://www.formtools.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2021-38143
https://notcve.org/view.php?id=CVE-2021-38143
An issue was discovered in Form Tools through 3.0.20. When an administrator creates a customer account, it is possible for the customer to log in and proceed with a change of name and last name. However, these fields are vulnerable to XSS payload insertion, being triggered in the admin panel when the admin tries to see the client list. This type of XSS (stored) can lead to the extraction of the PHPSESSID cookie belonging to the admin. Se ha detectado un problema en Form Tools versiones hasta 3.0.20. • https://bernardofsr.github.io/blog/2021/form-tools https://github.com/bernardofsr/CVEs-With-PoC/blob/main/PoCs/Form%20Tools/README.md https://github.com/formtools/core https://www.formtools.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •