Security Vulnerabilities - CVEs Published In April 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed for an unauthorised user to read the approval rules of a private project.
CVSS Score
3.1
EPSS Score
0.002
Published
2022-04-04
Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc.
CVSS Score
8.7
EPSS Score
0.017
Published
2022-04-04
URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-04-04
A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-04-04
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-04-04
A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-04-04
A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-04-04
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter.
CVSS Score
4.1
EPSS Score
0.002
Published
2022-04-04
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27.
CVSS Score
3.4
EPSS Score
0.003
Published
2022-04-04
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti-tampering mechanisms which would then allow the user to disable Forcepoint One Endpoint and the protection offered by it.
CVSS Score
6.0
EPSS Score
0.0
Published
2022-04-04

