Security Vulnerabilities - CVEs Published In June 2022
SQL injection exists in LaiKetui v3.5.0 the background administrator list.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-06-23
LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-06-23
A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content.
CVSS Score
5.4
EPSS Score
0.057
Published
2022-06-23
Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-06-23
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-06-23
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.
CVSS Score
6.1
EPSS Score
0.024
Published
2022-06-23
wire-ios is an iOS client for the Wire secure messaging application. Invalid accent colors of Wire communication partners may render the iOS Wire Client partially unusable by causing it to crash multiple times on launch. These invalid accent colors can be used by and sent between Wire users. The root cause was an unnecessary assert statement when converting an integer value into the corresponding enum value, causing an exception instead of a fallback to a default value. This issue is fixed in [wire-ios](https://github.com/wireapp/wire-ios/commit/caa0e27dbe51f9edfda8c7a9f017d93b8cfddefb) and in Wire for iOS 3.100. There is no workaround available, but users may use other Wire clients (such as the [web app](https://app.wire.com)) to continue using Wire, or upgrade their client.
CVSS Score
5.7
EPSS Score
0.004
Published
2022-06-23
A vulnerability has been found in Atahualpa Theme and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely.
CVSS Score
3.5
EPSS Score
0.002
Published
2022-06-23
A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely.
CVSS Score
6.3
EPSS Score
0.004
Published
2022-06-23
A vulnerability, which was classified as problematic, has been found in Alpine PhotoTile for Instagram Plugin 1.2.7.7. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely.
CVSS Score
3.5
EPSS Score
0.002
Published
2022-06-23