CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40034
https://notcve.org/view.php?id=CVE-2022-40034
Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter. La vulnerabilidad de cross-site scripting (XSS) encontrada en Rawchen blog-ssm v1.0 permite a los atacantes ejecutar código arbitrario a través del parámetro 'notifyInfo'. • https://github.com/rawchen/blog-ssm/issues/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4400 – zbl1996 FS-Blog Title cross site scripting
https://notcve.org/view.php?id=CVE-2022-4400
A vulnerability was found in zbl1996 FS-Blog and classified as problematic. This issue affects some unknown processing of the component Title Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-215267. • https://gitee.com/zbl1996/FS-Blog/issues/I5Y6ZQ https://vuldb.com/?id.215267 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4397 – morontt zend-blog-number-2 Comment Comment.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2022-4397
A vulnerability was found in morontt zend-blog-number-2. It has been classified as problematic. Affected is an unknown function of the file application/forms/Comment.php of the component Comment Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. • https://github.com/morontt/zend-blog-number-2/commit/36b2d4abe20a6245e4f8df7a4b14e130b24d429d https://vuldb.com/?id.215250 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2425 – WP DS Blog Map <= 3.1.3 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2425
The WP DS Blog Map WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) El plugin WP DS Blog Map de WordPress versiones hasta 3.1.3, no sanea y escapa de algunas de sus configuraciones, lo que podría permitir a usuarios con altos privilegios, como el administrador, llevar a cabo ataques de Cross-Site Scripting almacenado cuando la capacidad unfiltered_html no está permitida (por ejemplo, en una configuración multisitio) The WP DS Blog Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. • https://wpscan.com/vulnerability/ca684a25-28ba-4337-a6d4-9477b1643c9d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27174
https://notcve.org/view.php?id=CVE-2022-27174
Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier allows a remote unauthenticated attacker to hijack the authentication of the administrator and delete a blog article or a category via a specially crafted page. Una vulnerabilidad de tipo Cross-site request forgery (CSRF) en Easy Blog para EC-CUBE4 Versiones 1.0.1 y anteriores, permite a un atacante remoto no autenticado secuestrar la autenticación del administrador y eliminar un artículo del blog o una categoría por medio de una página especialmente diseñada • https://jvn.jp/en/jp/JVN46241173/index.html https://www.ec-cube.net/products/detail.php?product_id=2217 • CWE-352: Cross-Site Request Forgery (CSRF) •