Security Vulnerabilities - CVEs Published In May 2022
There is a security vulnerability in the login form related to Cross-Site Request Forgery: an attacker can spam login attempts until the system blocks the victim's account, which prevents the user from logging in.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2022-05-06
This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application.
CVSS Score: 2.3 | EPSS Score: 0.001 | Published: 2022-05-06
An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted chat message containing JavaScript code.
CVSS Score: 4.6 | EPSS Score: 0.005 | Published: 2022-05-06
Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks
CVSS Score: 4.8 | EPSS Score: 0.001 | Published: 2022-05-06
Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses
CVSS Score: 4.7 | EPSS Score: 0.003 | Published: 2022-05-06
Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI)
CVSS Score: 7.4 | EPSS Score: 0.001 | Published: 2022-05-06
A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not enforced on the server side to ensure the user has the required permission before requests are processed.
CVSS Score: 8.8 | EPSS Score: 0.008 | Published: 2022-05-06
Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 is vulnerable to Cross-Site Scripting (XSS) via the Dragon Path router admin page.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2022-05-06
FUDforum 3.1.1 is vulnerable to Stored XSS.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2022-05-06
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock (WordPress plugin) countdown-builder allows Stored XSS. This issue affects Countdown & Clock (WordPress plugin): from n/a through 2.3.2.
CVSS Score: 5.9 | EPSS Score: 0.002 | Published: 2022-05-06