CVE-2022-0134
Published 2022-02-21
Priority: P434 · Severity: high · CVSS 3.1 base score: 8.8
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.64% (45.9th percentile)
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make a logged-in admin perform such actions via a CSRF attack.
Affected (2 ranges)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bologer | anycomment | < 0.2.18 | 0.2.18 |
| chrome_chrome | — | — | — |
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
GHSA
GHSA-wh4r-2vqj-7php: The AnyComment WordPress plugin before 0
ghsa_unreviewed · 2022-02-22
CVE-2022-0134 [HIGH] CWE-352
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make a logged-in admin perform such actions via a CSRF attack.
Palo Alto
PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto · 2024-09-04 · CVSS 6.0
CVE-2022-22965 [MEDIUM]
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2010-1622, CVE-2015-7552, CVE-2018-16840, CVE-2019-7639, CVE-2020-17049, CVE-2020-7774, CVE-2021-0131, CVE-2021-0132, CVE-2021-0133, CVE-2021-0134, CVE-2021-4044, CVE-2021-4160, CVE-2021-41773, CVE-2022-1343, CVE-2022-21449, CVE-2022-2274, CVE-2022-22963, CVE-2022-22965, CVE-2022-24697, CVE-2022-32207, CVE-2022-3358, CVE-2022-3996, CVE-2022-40664, CVE-2022-44792, CVE-2022-44793, CVE-2023-1255, CVE-2023-22809, CVE-2023-23919, CVE-2023-3341, CVE-2023-4236, CVE-2023-4863, CVE-2023-51767
Affected products: PAN-OS
Chrome
Stable Channel Update for Desktop: CVE-2023-0134
vendor_chrome · 2023-01-10 · CVSS 8.8
CVE-2023-0134 [MEDIUM]
Stable Channel Update for Desktop (excerpt):
- CVE-2023-0134: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-17
- [$2500][1385831] Medium CVE-2023-0135: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-18
- [$2000][1356987] Medium CVE-2023-0136: Inappropriate implementation in Fullscreen API
Severity: medium
No detection rules found.
No public exploits indexed.
Qualys
Identify Server-Side Attacks Using Qualys Periscope | Qualys
blogs_qualys · 2022-12-01 · CVSS 8.8
[HIGH]
#### Table of Contents
- Potential False Positives
- Potential False Negatives
Qualys previously announced the introduction of Qualys Periscope in 2020. This technology allows Qualys Web Application Scanning (WAS) to detect out-of-band vulnerabilities such as server-side request forgery (SSRF). Qualys Periscope provides confirmed detections for additional vulnerabilities, such as Log4j, where it enables rapid development and release of the QID. Occasionally, Qualys receives questions and support cases related to Qualys Periscope. This article provides more detail on the common questions and situations seen with out-of-band detections.
As of publishing, the vulnerability detections that utilize Qualys Periscope are:
- QID 150055 – OS Command Injection
- QID 150179 – Blind XXE injection