Security Vulnerabilities - CVEs Published In March 2022
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute arbitrary codes on the vulnerable server. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86.
CVSS Score
3.8
EPSS Score
0.009
Published
2022-03-30
Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10.
CVSS Score
7.4
EPSS Score
0.002
Published
2022-03-30
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
CVSS Score
7.3
EPSS Score
0.245
Published
2022-03-30
Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
CVSS Score
4.6
EPSS Score
0.509
Published
2022-03-30
Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
CVSS Score
4.6
EPSS Score
0.185
Published
2022-03-30
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2.
CVSS Score
8.0
EPSS Score
0.282
Published
2022-03-30
DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-03-30
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
CVSS Score
7.8
EPSS Score
0.004
Published
2022-03-30
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.
CVSS Score
6.5
EPSS Score
0.033
Published
2022-03-30
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-03-30