Security Vulnerabilities - CVEs Published In April 2022
Matrimony v1.0 was discovered to contain a SQL injection vulnerability via the Password parameter.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-04-05
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS Score
8.3
EPSS Score
0.016
Published
2022-04-05
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS Score
8.3
EPSS Score
0.016
Published
2022-04-05
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS Score
8.3
EPSS Score
0.016
Published
2022-04-05
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS Score
8.3
EPSS Score
0.016
Published
2022-04-05
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.
CVSS Score
8.8
EPSS Score
0.134
Published
2022-04-05
Combodi iTop is a web based IT Service Management tool. Prior to versions 2.7.6 and 3.0.0, cross-site scripting is possible for scripts outside of script tags when displaying HTML attachments. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-04-05
Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-04-05
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.
CVSS Score
5.3
EPSS Score
0.026
Published
2022-04-05
Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history.
CVSS Score
5.4
EPSS Score
0.249
Published
2022-04-05