CVE-2022-3950
Published 2022-11-11
Priority P428 · medium · 6.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS 0.40% (31.9th percentile)
A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9b1c94aea2d84478bf26283904c21e4ca2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213456.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| publiccms | publiccms | < 4.0.202204.d | 4.0.202204.d |
| sanluan | publiccms | — | — |
CVSS provenance
nvd · v3.1 · 6.1 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cisa · 7.8 HIGH
GHSA
GHSA-h996-p85p-3xxx: A vulnerability, which was classified as problematic, was found in sanluan PublicCMS
ghsa_unreviewed·2022-11-11
CVE-2022-3950 [MEDIUM] CWE-707 GHSA-h996-p85p-3xxx: A vulnerability, which was classified as problematic, was found in sanluan PublicCMS
CISA
VMware Multiple Products Privilege Escalation Vulnerability
cisa·2021-11-03·CVSS 7.8
CVE-2020-3950 [HIGH] CWE-269 VMware Multiple Products Privilege Escalation Vulnerability
Vulnerability: VMware Multiple Products Privilege Escalation Vulnerability
Affected: VMware Multiple Products
VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-3950
Remediation Due Date: 2022-05-03
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-11-11