Security Vulnerabilities - CVEs Published In March 2022
Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4.
CVSS Score
6.3
EPSS Score
0.002
Published
2022-03-14
The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-03-14
phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter (aka num or number).
CVSS Score
6.1
EPSS Score
0.003
Published
2022-03-13
Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30) allows a local attacker to elevate privileges. NOTE: this is unrelated to products from the glance.com and glance.net websites.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-03-13
Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).
CVSS Score
7.8
EPSS Score
0.004
Published
2022-03-13
Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer (which executes as Superuser), leading to privilege escalation. In order to be able to take advantage of this, an unprivileged user would need to be able to create objects in a database and then get a Superuser to install TimescaleDB into their database. (In the fixed versions, the installation aborts when it finds that an object already exists.)
CVSS Score
8.0
EPSS Score
0.003
Published
2022-03-13
An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token of a low-privileged user (such as operator) can be used to confirm actions of higher-privileged ones (such as xpadmin).
CVSS Score
8.8
EPSS Score
0.001
Published
2022-03-13
An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private/SchemaSetUpload.do for uploaded ZIP files, an executable script can be uploaded by web application administrators, giving the attacker remote code execution on the underlying server via an imgs/*.jsp URI.
CVSS Score
9.8
EPSS Score
0.055
Published
2022-03-13
An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role Configuration Administrator or Administrator.
CVSS Score
4.8
EPSS Score
0.003
Published
2022-03-13
An issue was discovered in PONTON X/P Messenger before 3.11.2. Several functions are vulnerable to reflected XSS, as demonstrated by private/index.jsp?partners/ShowNonLocalPartners.do?localID= or private/index.jsp or private/index.jsp?database/databaseTab.jsp or private/index.jsp?activation/activationMainTab.jsp or private/index.jsp?communication/serverTab.jsp or private/index.jsp?emailNotification/notificationTab.jsp.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-03-13