Security Vulnerabilities - CVEs Published In June 2022
Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay attacks. This allows attackers to to bypass the expected access restrictions and gain control of the switch and other functions via a crafted POST request.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-06-16
A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.
CVSS Score
5.4
EPSS Score
0.075
Published
2022-06-16
MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to contain a remote code execution (RCE) vulnerability which is exploitable via a crafted POST request.
CVSS Score
8.8
EPSS Score
0.023
Published
2022-06-16
Online Fire Reporting System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ofrs/classes/Master.php.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-06-16
Student Registration and Fee Payment System v1.0 is vulnerable to SQL Injection via /scms/student.php.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-06-16
Online Tutor Portal Site v1.0 is vulnerable to Cross Site Scripting (XSS). via /otps/classes/Master.php.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-06-16
Online Discussion Forum Site v1.0 is vulnerable to SQL Injection via /odfs/classes/Master.php?f=delete_team.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-06-16
Online Tutor Portal Site v1.0 is vulnerable to SQL Injection via /otps/classes/Master.php?f=delete_team.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-06-16
Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /odfs/classes/Master.php?f=save_category, name.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-06-16
Wiris Mathtype v7.28.0 was discovered to contain a path traversal vulnerability in the resourceFile parameter. This vulnerability is exploited via a crafted request to the resource handler.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-06-16