Security Vulnerabilities - CVEs Published In November 2022
Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2022-11-23

This vulnerability discloses build and services versions in the server response header.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2022-11-23

This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2022-11-23

Insecure method vulnerability in which allowed HTTP methods are disclosed, e.g., OPTIONS, DELETE, TRACE, and PUT.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2022-11-23

The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2022-11-23

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2022-11-23

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2022-11-23

Automotive Shop Management System v1.0 is vulnerable to arbitrary file deletion via /asms/classes/Master.php?f=delete_img.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2022-11-23

Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-11-23

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function.
CVSS Score: 9.8 | EPSS Score: 0.015 | Published: 2022-11-23