Security Vulnerabilities - CVEs Published In January 2022
PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds.
CVSS Score
9.0
EPSS Score
0.006
Published
2022-01-26
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Hospital's Patient Records Management System 1.0 via the description parameter in room_list.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-01-26
jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.
CVSS Score
8.8
EPSS Score
0.013
Published
2022-01-26
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). MCMS has a SQL injection vulnerability through which an attacker can get sensitive information from the database.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-01-26
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Hospital's Patient Records Management System 1.0 via the description parameter in room_types.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-01-26
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
CVSS Score
7.5
EPSS Score
0.035
Published
2022-01-26
/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-01-26
controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the context of that new organization.
CVSS Score
7.2
EPSS Score
0.004
Published
2022-01-26
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-01-26
IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVSS Score
5.9
EPSS Score
0.002
Published
2022-01-26

