CVE-2022-28283

MEDIUM Year: 2022
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-552
View all →

Vulnerability Description

The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox < 99.

Related Vulnerabilities

CVE-2016-10829

MEDIUM
CVSS:6.5(Medium)

cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).

CWE-5522016

CVE-2017-1308

MEDIUM
CVSS:6.5(Medium)

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force I...

CWE-5522017

CVE-2017-6922

MEDIUM
CVSS:6.5(Medium)

In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visib...

CWE-5522017

CVE-2018-1079

MEDIUM
CVSS:6.5(Medium)

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from...

CWE-5522018

CVE-2019-13140

MEDIUM
CVSS:6.5(Medium)

Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to dec...

CWE-5522019

CVE-2019-17130

MEDIUM
CVSS:6.5(Medium)

vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.

CWE-5522019