Security Vulnerabilities - CVEs Published In March 2022
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
CVSS Score
7.6
EPSS Score
0.003
Published
2022-03-15
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4.
CVSS Score
7.1
EPSS Score
0.003
Published
2022-03-15
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.
CVSS Score
6.8
EPSS Score
0.043
Published
2022-03-15
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.
CVSS Score
8.8
EPSS Score
0.724
Published
2022-03-15
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
CVSS Score
8.2
EPSS Score
0.0
Published
2022-03-15
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
CVSS Score
6.8
EPSS Score
0.0
Published
2022-03-15
File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4.
CVSS Score
8.2
EPSS Score
0.003
Published
2022-03-15
Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-03-15
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-03-15
Stored XSS via axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4.
CVSS Score
9.0
EPSS Score
0.004
Published
2022-03-15