Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2022
Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users into executing arbitrary commands
CVSS Score
6.5
EPSS Score
0.003
Published
2022-03-28
Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-03-28
Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-03-28
In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-03-28
The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-03-28
The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Scripting issue
CVSS Score
5.4
EPSS Score
0.13
Published
2022-03-28
The Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8 does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
CVSS Score
6.1
EPSS Score
0.016
Published
2022-03-28
The Conference Scheduler WordPress plugin before 2.4.3 does not sanitize and escape the tab parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-03-28
The Database Peek WordPress plugin through 1.2 does not sanitize and escape the match parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-03-28
The Delete Old Orders WordPress plugin through 0.2 does not sanitize and escape the date parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-03-28


Contact Us

Shodan ® - All rights reserved