Security Vulnerabilities - CVEs Published In June 2022
SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php.
CVSS Score
6.1
EPSS Score
0.022
Published
2022-06-21
An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file.
CVSS Score
9.8
EPSS Score
0.014
Published
2022-06-21
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-06-21
NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php.
CVSS Score
6.1
EPSS Score
0.02
Published
2022-06-21
A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-06-21
In Recipes, versions 0.17.0 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in the ‘Name’ field of Keyword, Food and Unit components. When a victim accesses the Keyword/Food/Unit endpoints, the XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover.
CVSS Score
3.5
EPSS Score
0.002
Published
2022-06-21
In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in copy to clipboard functionality. When a victim accesses the food list page, then adds a new Food with a malicious javascript payload in the ‘Name’ parameter and clicks on the clipboard icon, an XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover.
CVSS Score
3.5
EPSS Score
0.002
Published
2022-06-21
In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in “Add to Cart” functionality. When a victim accesses the food list page, then adds a new Food with a malicious javascript payload in the ‘Name’ parameter and clicks on the Add to Shopping Cart icon, an XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover.
CVSS Score
3.5
EPSS Score
0.002
Published
2022-06-21
An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.
CVSS Score
9.8
EPSS Score
0.02
Published
2022-06-21
An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.
CVSS Score
9.8
EPSS Score
0.007
Published
2022-06-21