Security Vulnerabilities - CVEs Published In November 2022
A stored XSS in a Kiwi Test Plan can run malicious JavaScript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page.
CVSS Score: 7.1 | EPSS Score: 0.001 | Published: 2022-11-21

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2022-11-21

Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted Excel file.
CVSS Score: 7.8 | EPSS Score: 0.016 | Published: 2022-11-21

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function addWifiMacFilter.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-11-21

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2022-11-21

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-11-21

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsStart.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-11-21

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsOOB.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-11-21

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function form_fast_setting_wifi_set.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-11-21

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-11-21


Shodan ® - All rights reserved