Security Vulnerabilities - CVEs Published In June 2022
A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.
CVSS Score
5.4
EPSS Score
0.006
Published
2022-06-02
An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score
8.8
EPSS Score
0.008
Published
2022-06-02
An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-06-02
A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-06-02
An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.
CVSS Score
8.8
EPSS Score
0.004
Published
2022-06-02
Incorrect Default Permissions vulnerability in ABB e-Design allows an attacker to install malicious software executing with SYSTEM permissions, violating confidentiality, integrity, and availability of the target machine.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-06-02
The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.003
Published
2022-06-02
resi-calltrace in RESI Gemini-Net 4.2 is affected by multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints,
CVSS Score
6.1
EPSS Score
0.011
Published
2022-06-02
Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to a reflected Cross-Site Scripting (XSS) vulnerability via RRSWeb/maint/ShowDocument/ShowDocument.aspx.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-06-02
The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click.
CVSS Score
8.8
EPSS Score
0.027
Published
2022-06-02

