Security Vulnerabilities
- CVEs Published In October 2022
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themepoints Testimonials plugin <= 2.6 on WordPress.
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker-controlled server.
An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs.
Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php.
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php.
SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php.
SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php.
Hospital Management System v 4.0 is vulnerable to Cross-Site Scripting (XSS) via /hospital/hms/admin/patient-search.php.
Employee Record Management System v 1.2 is vulnerable to Cross-Site Scripting (XSS) via editempprofile.php.