TemaTres 3.0 has reflected XSS vuln

Overview :
TemaTres 3.0 has reflected XSS via the replace_string or search_string parameter to the vocab/admin.php?doAdmin=bulkReplace URI.
Affected Product(s) :
  • TemaTres 3.0
Vulnerability Details :
CVE ID : CVE-2019-14344
The “replace_string” and “search_string” parameters of the POST request are vulnerable to reflected XSS.

Solution :

Upgrade to TemaTres 3.1
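Until the upgrade is in place, captured requests to the affected endpoint can be triaged for markup in the two parameters. The following is an added example, not TemaTres code: the function names, the markup heuristic, the "/tematres" install prefix and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, unquote, urlsplit
import re

# Endpoint and parameter names are taken from the advisory text.
ENDPOINT_SUFFIX = "vocab/admin.php"
ACTION_KEY, ACTION_VALUE = "doAdmin", "bulkReplace"
AFFECTED_PARAMS = ("replace_string", "search_string")
# Assumed heuristic: characters that let a reflected value leave an HTML
# text or double-quoted attribute context.
MARKUP = re.compile(r'[<>"]')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %253C is treated like '<'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_bulk_replace(method, url, body):
    """Return the affected parameters in this request that carry markup."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    if method.upper() != "POST" or not parts.path.endswith(ENDPOINT_SUFFIX):
        return []
    if ACTION_VALUE not in query.get(ACTION_KEY, []):
        return []
    form = parse_qs(body, keep_blank_values=True)  # decodes one layer
    return [name for name in AFFECTED_PARAMS
            if any(MARKUP.search(fully_decode(v)) for v in form.get(name, []))]

# Constructed sample requests (method, URL, form body); "/tematres" is a
# made-up install prefix.
SAMPLES = [
    ("POST", "/tematres/vocab/admin.php?doAdmin=bulkReplace",
     "search_string=colour&replace_string=color"),
    ("POST", "/tematres/vocab/admin.php?doAdmin=bulkReplace",
     "search_string=%3Cscript%3Ealert(1)%3C%2Fscript%3E&replace_string=x"),
    ("POST", "/tematres/vocab/admin.php?doAdmin=bulkReplace",
     "search_string=a&replace_string=%2522%253E%253Cb%253E"),
    ("POST", "/tematres/vocab/index.php", "search_string=%3Cb%3E"),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        print(url, flag_bulk_replace(method, url, body))
```

The check is a triage aid for logs or a reverse proxy, not a substitute for the upgrade; a legitimate bulk replace containing angle brackets or double quotes will also be flagged.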

More information :
https://github.com/zikula/core/commit/d6e6c283f18b3dcb7e92b46a7ad63fc7c7e112e2
