Security Vulnerabilities - CVEs Published In March 2022
OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-03-28
OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-03-28
A SQL Injection vulnerability exists in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-03-28
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation.
CVSS Score
9.1
EPSS Score
0.001
Published
2022-03-28
3CX System through 2022-03-17 stores cleartext passwords in a database.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-03-28
OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-03-28
OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-03-28
OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-03-28
OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-03-28
A buffer overflow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request.
CVSS Score
7.8
EPSS Score
0.043
Published
2022-03-28