Security Vulnerabilities - CVEs Published In July 2022
Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser. As a result, it may be possible to gain control over the authenticated session, steal data, modify settings, or redirect the user to malicious websites. The scope of impact can extend to other components.
CVSS Score
8.2
EPSS Score
0.005
Published
2022-07-25
IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 230817.
CVSS Score
6.8
EPSS Score
0.001
Published
2022-07-25
IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 230818.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-07-25
IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230812.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-07-25
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module.
CVSS Score
5.4
EPSS Score
0.023
Published
2022-07-25
IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 230811.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-07-25
Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin <= 2.6.0 at WordPress.
CVSS Score
7.2
EPSS Score
0.01
Published
2022-07-25
In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.
CVSS Score
3.5
EPSS Score
0.003
Published
2022-07-25
In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.
CVSS Score
3.5
EPSS Score
0.003
Published
2022-07-25
A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal.
CVSS Score
7.5
EPSS Score
0.022
Published
2022-07-25