MidnightBSD

Advisories for wecube-platform_project

CVE-2022-37785

An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configuration for terminal plugins.

Products Affected

Vendor Product Version
wecube-platform_project wecube-platform 3.2.2
CVE-2022-37786

An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the [Home / Admin / Resources] page, the [Home / Admin / System Params] page, and the [Home / Design / Basekey Configuration] page.

Products Affected

Vendor Product Version
wecube-platform_project wecube-platform 3.2.2
CVE-2022-37787

An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page.

Products Affected

Vendor Product Version
wecube-platform_project wecube-platform 3.2.2