Security Vulnerabilities - CVEs Published In October 2022
A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument category_name leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-210436.
CVSS Score: 3.5 | EPSS Score: 0.001 | Published: 2022-10-11
A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /transcation.php. The manipulation of the argument buyer_name leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-210437 was assigned to this vulnerability.
CVSS Score: 3.5 | EPSS Score: 0.001 | Published: 2022-10-11
Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php.
CVSS Score: 8.8 | EPSS Score: 0.006 | Published: 2022-10-11
Wedding Planner v1.0 is vulnerable to arbitrary code execution via package_edit.php.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2022-10-11
Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user/manage_user&id=.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2022-10-11
A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2022-10-11
Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan's Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 for WordPress.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2022-10-11
Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 for WordPress allows attackers to change options and inject scripts into the footer HTML. Requires the additional AccessiBe extension (plugin).
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2022-10-11
Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. A remote unauthenticated attacker could exploit this vulnerability leading to modification of intended OS command execution.
CVSS Score: 8.8 | EPSS Score: 0.04 | Published: 2022-10-11
Dell Hybrid Client versions below 1.8 contain a Zip Bomb vulnerability in the UI. An attacker with guest privileges could potentially exploit this vulnerability, leading to modification of system files.
CVSS Score: 7.1 | EPSS Score: 0.001 | Published: 2022-10-11

