Solutions Atlantic · Solutions Atlantic Regulatory Reporting System · CVE-2022-29597
**Name of the Vulnerable Software and Affected Versions**
Solutions Atlantic Regulatory Reporting System (RRS) version v500
**Description**
The issue allows any authenticated user to reference internal system files in requests made to the "RRSWeb/maint/ShowDocument/ShowDocument.aspx" page. The server responds with the contents of the requested file, potentially enabling adversaries to extract sensitive data and/or files from the underlying file system, gain knowledge about the internal workings of the system, or access the application's source code.
**Recommendations**
As a temporary workaround, consider restricting access to the "RRSWeb/maint/ShowDocument/ShowDocument.aspx" page until a patch is available. Additionally, limiting the ability of authenticated users to reference internal system files can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
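
While no fixed version is known, reviewing web server logs shows which accounts have been requesting the affected page and how often a document was served. The following is an added example, not code from the advisory or the vendor; it assumes IIS W3C logging, and the sample log lines, user names, addresses, the `ref` query parameter and the `max_distinct` threshold are constructed placeholders.

```python
from collections import defaultdict

# Page named in the advisory; matched case-insensitively, as IIS treats URL paths.
TARGET = "rrsweb/maint/showdocument/showdocument.aspx"

# Constructed IIS W3C log excerpt: users, addresses and the "ref" parameter are
# placeholders invented for this example, not values from the product.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2022-05-02 09:14:01 GET /RRSWeb/Default.aspx - alice 10.0.0.21 200
2022-05-02 09:14:09 GET /RRSWeb/maint/ShowDocument/ShowDocument.aspx ref=CONSTRUCTED-A alice 10.0.0.21 200
2022-05-02 09:15:30 GET /RRSWeb/maint/ShowDocument/ShowDocument.aspx ref=CONSTRUCTED-B bob 10.0.0.35 200
2022-05-02 09:15:31 GET /rrsweb/maint/showdocument/showdocument.aspx ref=CONSTRUCTED-C bob 10.0.0.35 200
2022-05-02 09:15:33 GET /RRSWeb/maint/ShowDocument/ShowDocument.aspx ref=CONSTRUCTED-D bob 10.0.0.35 500
2022-05-02 09:20:00 GET /RRSWeb/maint/ShowDocument/ShowDocument.aspx ref=CONSTRUCTED-E - 10.0.0.77 401
"""


def review_showdocument_access(log_text):
    """Summarise requests to the ShowDocument page per caller from W3C log text."""
    fields = []
    summary = defaultdict(lambda: {"requests": 0, "served": 0, "queries": set()})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the log declares its own column order
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().endswith(TARGET):
            continue
        # Use the client address when the request carried no authenticated identity.
        caller = row.get("cs-username", "-")
        if caller == "-":
            caller = row.get("c-ip", "unknown")
        entry = summary[caller]
        entry["requests"] += 1
        entry["queries"].add(row.get("cs-uri-query", "-"))
        if row.get("sc-status") == "200":
            entry["served"] += 1  # the server answered with a document body
    return dict(summary)


def callers_to_investigate(summary, max_distinct=2):
    """Callers whose distinct query strings exceed an assumed normal ceiling."""
    return sorted(c for c, e in summary.items() if len(e["queries"]) > max_distinct)


if __name__ == "__main__":
    report = review_showdocument_access(SAMPLE_LOG)
    print(callers_to_investigate(report))
```

Once access to the page has been restricted, any further `200` responses in this summary indicate that the restriction is not being enforced for that caller.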