CVE-2022-31299
Published 2022-06-16
CVE-2022-31299: Haraj v3.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the User Upgrade Form.
Priority: P3 (score 39), medium
CVSS 3.1 base score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Exploit likelihood (EPSS): 4.73% (90.7th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| angtech | haraj | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| NVD | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| Red Hat (vendor) | — | 4.7 | MEDIUM | — |
GHSA
GHSA-9cch-vm5f-45mv: Haraj v3 (CVE-2022-31299, MEDIUM, CWE-79)
Source: ghsa_unreviewed · 2022-06-17
Haraj v3.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the User Upgrade Form.
Red Hat
CVE-2022-49295 (MEDIUM, CWE-476): kernel: nbd: call genl_unregister_family() first in nbd_cleanup()
Source: vendor_redhat · 2025-02-26 · CVSS 4.7
In the Linux kernel, the following vulnerability has been resolved:
nbd: call genl_unregister_family() first in nbd_cleanup()
Otherwise there may be race between module removal and the handling of
netlink command, which can lead to the oops as shown below:
```text
BUG: kernel NULL pointer dereference, address: 0000000000000098
Oops: 0002 [#1] SMP PTI
CPU: 1 PID: 31299 Comm: nbd-client Tainted: G E 5.14.0-rc4
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
RIP: 0010:down_write+0x1a/0x50
Call Trace:
 start_creating+0x89/0x130
 debugfs_create_dir+0x1b/0x130
 nbd_start_device+0x13d/0x390 [nbd]
 nbd_genl_connect+0x42f/0x748 [nbd]
 genl_family_rcv_msg_doit.isra.0+0xec/0x150
 genl_rcv_msg+0xe5/0x1e0
 netlink_rcv_skb+0x55/0x100
 genl_rcv+0x2
```
No detection rules found.
Nuclei
CVE-2022-31299 (MEDIUM): Haraj 3.7 - Cross-Site Scripting
Source: nuclei · CVSS 6.1
Haraj 3.7 contains a cross-site scripting vulnerability in the User Upgrade Form. An attacker can inject malicious script and thus steal authentication credentials and launch other attacks.
Template:
```yaml
id: CVE-2022-31299

info:
  name: Haraj 3.7 - Cross-Site Scripting
  author: edoardottt
  severity: medium
  description: |
    Haraj 3.7 contains a cross-site scripting vulnerability in the User Upgrade Form. An attacker can inject malicious script and thus steal authentication credentials and launch other attacks.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
  remediation: |
    To remediate this
```
Published: 2022-06-16