CVE-2022-1647
Published: 2022-06-08
Priority: P417 · Severity: medium · CVSS 3.1 base score: 4.8
CVSS 3.1 vector: AV:N / AC:L / PR:H / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.56% (42.6th percentile)
The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
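The pattern behind this bug, as an added illustration that is not FormCraft's code: a form builder that persists a user-supplied field label and echoes it back into the rendered form. The field ids (`fc_label_*`), the in-memory store and the shimmed WordPress helpers are assumptions of the example. The relevant point for plugin authors is that WordPress's KSES filters (what the `unfiltered_html` capability gates) only run on core content such as post and comment bodies; data a plugin stores under its own options or meta is not filtered unless the plugin does it, so a plugin that echoes its own stored strings raw hands any user who can save a form a stored-XSS primitive, which is exactly why the advisory notes the bug works even when `unfiltered_html` is disallowed (for example on multisite or with `DISALLOW_UNFILTERED_HTML`).

```php
<?php
// Added example (not FormCraft's code). Two versions of "save a field label,
// render it in the form": one vulnerable, one hardened. The WP helpers are
// shimmed with the core semantics this example needs so the file also runs
// under plain `php` on the command line; inside WordPress the real ones win.

if ( ! function_exists( 'sanitize_text_field' ) ) {
	function sanitize_text_field( $str ) {
		$str = strip_tags( (string) $str );                    // drop HTML tags
		$str = preg_replace( '/[\x00-\x1F\x7F]+/', '', $str ); // drop control chars
		return trim( preg_replace( '/\s+/', ' ', $str ) );     // collapse whitespace
	}
}
if ( ! function_exists( 'esc_html' ) ) {
	function esc_html( $text ) {
		return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
	}
}
if ( ! function_exists( 'esc_attr' ) ) {
	function esc_attr( $text ) {
		return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
	}
}

// Stand-in for the plugin's storage (update_option()/get_option() in WordPress).
$fc_store = array();

/* ---- Vulnerable variant: no sanitisation on save, no escaping on output ---- */
function fc_save_label_vulnerable( array &$store, $field_id, $label ) {
	$store[ $field_id ] = $label; // stored verbatim, whatever the user's capabilities
}
function fc_render_field_vulnerable( array $store, $field_id ) {
	$label = isset( $store[ $field_id ] ) ? $store[ $field_id ] : '';
	// Raw concatenation into HTML: markup in $label executes for every visitor.
	return '<label for="' . $field_id . '">' . $label . '</label>'
	     . '<input id="' . $field_id . '" name="' . $field_id . '">';
}

/* ---- Hardened variant: sanitise on save AND escape on output ---- */
function fc_save_label_hardened( array &$store, $field_id, $label ) {
	// A field label is plain text; there is no legitimate reason for markup
	// here, so strip it on save regardless of who is saving.
	$store[ $field_id ] = sanitize_text_field( $label );
}
function fc_render_field_hardened( array $store, $field_id ) {
	$label = isset( $store[ $field_id ] ) ? $store[ $field_id ] : '';
	// Escape for the context: esc_attr() inside attributes, esc_html() in text
	// nodes. Output escaping is the layer that still holds if the stored value
	// was written by an older, unsanitised release of the plugin.
	$id = esc_attr( $field_id );
	return '<label for="' . $id . '">' . esc_html( $label ) . '</label>'
	     . '<input id="' . $id . '" name="' . $id . '">';
}

// Constructed payload of the kind a site admin without unfiltered_html could
// submit as a label through the plugin's own form editor.
$payload = 'Email <img src=x onerror="alert(document.cookie)">';

fc_save_label_vulnerable( $fc_store, 'fc_label_vuln', $payload );
fc_save_label_hardened( $fc_store, 'fc_label_safe', $payload );

echo "vulnerable: " . fc_render_field_vulnerable( $fc_store, 'fc_label_vuln' ) . "\n";
echo "hardened:   " . fc_render_field_hardened( $fc_store, 'fc_label_safe' ) . "\n";
```

Run it with `php` to compare the two rendered fields: the vulnerable path emits the `<img onerror>` tag unchanged, the hardened path stores only the text that survives `sanitize_text_field()` and entity-encodes it on output. When auditing a plugin for this class of bug, grep for `echo`/`print` of values read back from `get_option()`, `get_post_meta()` or the plugin's own tables and check that each one passes through an `esc_*()` call appropriate to its HTML context; sanitisation on save alone is not sufficient, because data already in the database predates the fix.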
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ncrafts | formcraft | < 1.2.6 | 1.2.6 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| NVD | 2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Callback Technologies CBFS Filter denial-of-service vulnerabilities
blogs_talos · 2022-11-22 · CVSS 5.5 · CVE-2022-43588 [MEDIUM]
Note: this Talos post is listed because its advisory number, TALOS-2022-1647, matches on "1647". It concerns CVE-2022-43588 in the CBFS Filter kernel driver and is unrelated to CVE-2022-1647 in FormCraft.
## Vulnerability Spotlight: Callback Technologies CBFS Filter denial-of-service vulnerabilities
Cisco Talos recently discovered three denial-of-service vulnerabilities in Callback Technologies CBFS Filter.
Callback Technologies has a CBFS file storage solution for use in customizing data persistence on devices. To accompany this, their CBFS Filter manages this file storage solution, allowing users to create filter and access rules, modify and encrypt data, etc.
Talos has identified three null pointer dereference vulnerabilities in CBFS Filter:
TALOS-2022-1647 (CVE-2022-43588)
TALOS-2022-1648 (CVE-2022-43589)
TALOS-2022-1649 (CVE-2022-43590)
A specially crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger these vulnerabilities.
Cisco Talos worked with Callback Technologies to ensure that these issues were resolved and an upda