CWE-707

Improper Neutralization

The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

251 vulnerabilities with CWE-707
CVE-2022-3971 MEDIUM
matrix-appservice-irc < 0.36.0 - SQL Injection in PgDataStore
CVSS 4.6
CVE-2022-3968 LOW
emlog < 2022-11-08 - Cross-Site Scripting via tag Parameter in admin/article_save.php
CVSS 3.5
CVE-2022-3967 MEDIUM
Vesta Control Panel - Argument Injection
CVSS 5.3
CVE-2022-3963 LOW
gnuboard < 5.5.8.2.1 - Cross-Site Scripting via FAQ Key ID Parameter
CVSS 3.5
CVE-2022-3956 MEDIUM
HHIMS 2.1 - SQL Injection via Patient Portrait Handler PID Argument
CVSS 6.3
CVE-2022-3955 HIGH
crm42 - SQL Injection via user_name Parameter in Login Component
CVSS 7.3
CVE-2022-3950 LOW
PublicCMS < 4.0.202204.d - Cross-Site Scripting in Tab Handler
CVSS 3.5
CVE-2022-3949 LOW
Simple Cashiering System - Cross-Site Scripting via User Account Handler Fullname Parameter
CVSS 3.5
CVE-2022-3948 MEDIUM
eolink goku_lite - SQL Injection via /plugin/getList route/keyword Parameter
CVSS 6.3
CVE-2022-3947 MEDIUM
eolink goku_lite - SQL Injection via /balance/service/list Route/Keyword Parameter
CVSS 6.3
CVE-2022-3943 LOW
ForU CMS - Cross-Site Scripting via cms_chip.php Name Argument
CVSS 3.5
CVE-2022-3942 MEDIUM
Sanitization Management System - Cross-Site Scripting in Request Quote Page
CVSS 4.3
CVE-2022-3941 MEDIUM
Activity Log Plugin - Info Disclosure
CVSS 5.3
CVE-2022-3878 HIGH
Maxon ERP - SQL Injection via tb_search Parameter
CVSS 7.3
CVE-2022-3868 MEDIUM
SourceCodester Sanitization Management System - SQL Injection
CVSS 4.7
CVE-2022-3845 LOW
phpipam < 1.5.0 - Cross-Site Scripting in Import Preview Handler
CVSS 2.4
CVE-2022-3827 MEDIUM
centreon < 22.10.0 - SQL Injection via formContactGroup.php cg_id Parameter
CVSS 6.3
CVE-2022-3825 MEDIUM
Huaxia ERP 2.3 - SQL Injection via User Management Login Argument
CVSS 6.3
CVE-2022-3804 MEDIUM
eolink apinto-dashboard - Cross-Site Scripting via Login Callback Parameter
CVSS 4.3
CVE-2022-3803 LOW
eolink apinto-dashboard - Cross-Site Scripting via /api/discoveries/
CVSS 3.5
CVE-2022-3802 MEDIUM
IBAX go-ibax < 1.4.2 - SQL Injection via /api/v2/open/rowsInfo Where Parameter
CVSS 6.3
CVE-2022-3801 MEDIUM
IBAX go-ibax < 1.4.2 - SQL Injection via /api/v2/open/rowsInfo Order Parameter
CVSS 6.3
CVE-2022-3800 MEDIUM
IBAX go-ibax < 1.4.2 - SQL Injection via /api/v2/open/rowsInfo table_name Parameter
CVSS 6.3
CVE-2022-3799 MEDIUM
IBAX go-ibax < 1.4.2 - SQL Injection via /api/v2/open/tablesInfo
CVSS 6.3
CVE-2022-3798 MEDIUM
IBAX go-ibax < 1.4.2 - SQL Injection via /api/v2/open/tablesInfo
CVSS 6.3