Security Vulnerabilities - CVEs Published In September 2022
Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component.
CVSS Score: 5.4 | EPSS Score: 0.025 | Published: 2022-09-21
Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine.
CVSS Score: 5.4 | EPSS Score: 0.076 | Published: 2022-09-21
Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2022-09-21
Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js, specifically on the line label: elementInfo.label.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2022-09-21
Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by the previous user.
CVSS Score: 3.3 | EPSS Score: 0.002 | Published: 2022-09-21
The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated path traversal vulnerability. This has been fixed in version 2.1.25.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2022-09-21
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-09-21
XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-09-21
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.
CVSS Score: 6.8 | EPSS Score: 0.0 | Published: 2022-09-21
Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2022-09-21



Shodan ® - All rights reserved