Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2022
A user can re-enable their own account after an admin has disabled it, as long as the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack in which an attacker with a low-privilege user account executes arbitrary JavaScript in the context of an admin's account.
CVSS Score
7.6
EPSS Score
0.424
Published
2022-11-20
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.
CVSS Score
3.4
EPSS Score
0.902
Published
2022-11-20
Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0.
CVSS Score
2.7
EPSS Score
0.0
Published
2022-11-20
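The first entry above (a disabled account that stays usable from an existing session, plus an unescaped username in the admin overview) and the Insufficient Session Expiration entry describe the same two checks an application has to get right: account status must be re-evaluated on every request, not only at login, and anything a low-privilege user controls must be escaped before it is rendered to an admin. The block below is an added illustration written for this page, not LibreNMS code; the in-memory USERS and SESSIONS stores, the function names (login, current_user, disable_user, update_own_profile, render_user_row) and the sample accounts are all constructed for the example.

```python
import html
import secrets
import time

# Constructed in-memory stores standing in for an application's user and session tables.
# Hypothetical data model for illustration only; not LibreNMS's schema.
USERS = {
    "alice": {"level": "admin", "disabled": False, "email": "alice@example.test"},
    "bob":   {"level": "user",  "disabled": False, "email": "bob@example.test"},
}
SESSIONS = {}  # session token -> {"user": username, "issued_at": epoch seconds}

# Fields a user may change on their own profile. "disabled" and "level" are deliberately
# absent: honouring them from a self-service request is how a disabled user re-enables itself.
SELF_EDITABLE = {"email"}


class AuthError(Exception):
    pass


def login(username):
    """Issue a fresh session token; a disabled account never gets one."""
    user = USERS[username]
    if user["disabled"]:
        raise AuthError("account disabled")
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"user": username, "issued_at": time.time()}
    return token


def current_user(token):
    """Map a token to a username, re-reading the account flag on every request.

    Checking 'disabled' only at login is the insufficient-session-expiration bug:
    a session issued before the admin acted would otherwise stay usable.
    """
    sess = SESSIONS.get(token)
    if sess is None:
        raise AuthError("no such session")
    if USERS[sess["user"]]["disabled"]:
        SESSIONS.pop(token, None)  # revoke lazily if a revoke at disable time was missed
        raise AuthError("account disabled")
    return sess["user"]


def disable_user(admin_token, target):
    """Admin action: set the flag and revoke every live session of the target at once."""
    if USERS[current_user(admin_token)]["level"] != "admin":
        raise AuthError("admin required")
    USERS[target]["disabled"] = True
    for tok in [t for t, s in SESSIONS.items() if s["user"] == target]:
        del SESSIONS[tok]


def update_own_profile(token, fields):
    """Self-service profile update restricted to an allowlist of fields."""
    username = current_user(token)
    rejected = set(fields) - SELF_EDITABLE
    if rejected:
        raise AuthError(f"not self-editable: {sorted(rejected)}")
    USERS[username].update(fields)
    return dict(USERS[username])


def render_user_row(username):
    """One row of the admin user overview. Escaping the username (quotes included) is what
    stops a hostile username from running as script in the admin's browser."""
    return f"<tr><td>{html.escape(username, quote=True)}</td></tr>"


if __name__ == "__main__":
    admin = login("alice")
    victim = login("bob")
    disable_user(admin, "bob")
    try:
        current_user(victim)
    except AuthError as e:
        print("old session rejected:", e)
    print(render_user_row('"><img src=x onerror=alert(1)>'))
```

Two design points carry the weight here: disable_user revokes sessions eagerly and current_user re-checks the flag anyway, so a missed revocation path still fails closed; and update_own_profile rejects any field outside the allowlist instead of filtering it silently, which makes an attempted self-re-enable visible in logs.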
Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0.
CVSS Score
9.0
EPSS Score
0.0
Published
2022-11-20
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-11-20
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
CVSS Score
4.3
EPSS Score
0.891
Published
2022-11-20
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
CVSS Score
3.4
EPSS Score
0.901
Published
2022-11-20
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
CVSS Score
5.7
EPSS Score
0.0
Published
2022-11-20
A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0 and has been declared critical. Affected is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java in the XML File Parser component. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version 7.5.1 or 7.7.1 addresses this issue. The patch is named 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-214027.
CVSS Score
5.5
EPSS Score
0.003
Published
2022-11-19
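The testng entry above describes a jar entry name being turned into a filesystem path without checking where that path ends up. The block below is an added example for this page, not TestNG's code, and shows the bug class generically in Python: an extractor that joins the entry name straight onto the destination directory, next to one that resolves the path first and refuses anything that lands outside the destination. The helper names (build_jar, extract_entry_unsafe, safe_target, extract_entry, run_demo) and the jar contents, including the hostile "../escaped.xml" entry, are constructed for the illustration.

```python
import io
import tempfile
import zipfile
from pathlib import Path


def build_jar(entries):
    """Build an in-memory jar (a zip) from {entry name: bytes}.

    zipfile.writestr stores the name verbatim, so a '../' prefix survives exactly as an
    attacker would ship it; the extraction side must not trust it.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def extract_entry_unsafe(jar_bytes, entry_name, dest_dir):
    """Vulnerable pattern: the entry name is joined straight onto the destination
    directory, so '../x' lands outside dest_dir. Returns the path actually written."""
    target = Path(dest_dir) / entry_name
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        data = zf.read(entry_name)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    return target.resolve()


def safe_target(dest_dir, entry_name):
    """Resolve the entry to an absolute path and insist it stays under dest_dir.

    Resolving first and comparing path components afterwards handles '..' segments,
    absolute entry names (Path(base) / '/etc/x' is '/etc/x'), a symlinked destination
    and sibling directories that merely share a string prefix ('extracted2').
    """
    base = Path(dest_dir).resolve()
    target = (base / entry_name).resolve()
    if target != base and base not in target.parents:
        raise ValueError(f"archive entry escapes destination: {entry_name!r}")
    return target


def extract_entry(jar_bytes, entry_name, dest_dir):
    """Hardened counterpart of extract_entry_unsafe."""
    target = safe_target(dest_dir, entry_name)
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        data = zf.read(entry_name)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    return target


def run_demo():
    """Run both extractors over a constructed jar inside a temporary directory and report
    what happened. Everything stays under the temp root, so it is safe to run."""
    jar = build_jar({
        "testng.xml": b"<suite name='ok'/>",
        "../escaped.xml": b"<suite name='outside'/>",  # constructed hostile entry name
    })
    with tempfile.TemporaryDirectory() as root:
        dest = Path(root, "extracted")
        dest.mkdir()
        dest_resolved = dest.resolve()

        written = extract_entry_unsafe(jar, "../escaped.xml", dest)
        good = extract_entry(jar, "testng.xml", dest)
        try:
            extract_entry(jar, "../escaped.xml", dest)
            blocked = False
        except ValueError:
            blocked = True

        return {
            "unsafe_left_dest": dest_resolved not in written.parents,
            "unsafe_wrote": written.name,
            "safe_stayed_in_dest": dest_resolved in good.parents,
            "hostile_blocked": blocked,
        }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The containment check compares resolved path components rather than string prefixes; a naive `str(target).startswith(str(base))` would accept `/opt/app/extracted2/x` as inside `/opt/app/extracted`.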
A vulnerability was found in davidmoreno onion and has been rated problematic. Affected is the function onion_response_flush of the file src/onion/response.c in the Log Handler component. The manipulation leads to allocation of resources. The patch is named de8ea938342b36c28024fd8393ebc27b8442a161. It is recommended to apply the patch to fix this issue. The identifier of this vulnerability is VDB-214028.
CVSS Score
3.5
EPSS Score
0.001
Published
2022-11-19
Shodan ® - All rights reserved