Security Vulnerabilities - CVEs Published In May 2022
Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9.
CVSS Score: 9.9
EPSS Score: 0.001
Published: 2022-05-23

A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input <script>alert(1)</script> leads to authenticated cross-site scripting. Exploit details have been disclosed to the public.
CVSS Score: 3.5
EPSS Score: 0.002
Published: 2022-05-23

A vulnerability, which was classified as problematic, was found in Badminton Center Management System. This affects the userlist module at /bcms/admin/?page=user/list. The manipulation of the argument username with the input </td><img src="" onerror="alert(1)"><td>1 leads to authenticated cross-site scripting. Exploit details have been disclosed to the public.
CVSS Score: 3.5
EPSS Score: 0.002
Published: 2022-05-23

A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.
CVSS Score: 8.8
EPSS Score: 0.004
Published: 2022-05-23

A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.
CVSS Score: 8.8
EPSS Score: 0.004
Published: 2022-05-23

Cross-site Scripting (XSS) - Reflected in GitHub repository collectiveaccess/providence prior to 1.8.
CVSS Score: 5.5
EPSS Score: 0.003
Published: 2022-05-23

Multiple Denial-of-Service vulnerabilities were discovered in F-Secure Atlant and in certain WithSecure products: scanning fuzzed PE32-bit files causes memory corruption and a heap buffer overflow, which can eventually crash the scanning engine. The exploit can be triggered remotely by an attacker.
CVSS Score: 4.3
EPSS Score: 0.002
Published: 2022-05-23

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2022-05-23

The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to Reflected Cross-Site Scripting.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2022-05-23

The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high-privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVSS Score: 4.8
EPSS Score: 0.003
Published: 2022-05-23

