Security Vulnerabilities - CVEs Published In November 2022
A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-11-17
Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic plugin <= 2.8.8 on WordPress.
CVSS Score
4.8
EPSS Score
0.001
Published
2022-11-17
SQL Injection in
Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
CVSS Score
8.8
EPSS Score
0.001
Published
2022-11-17
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News Announcement Scroll plugin <= 8.8.8 on WordPress.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-11-17
Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-11-17
Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.
CVSS Score
9.9
EPSS Score
0.004
Published
2022-11-17
GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS).
Type 1: Reflected XSS (or Non-Persistent) - The server reads data directly from the HTTP request and reflects it back in
the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a
vulnerable web application, which is then reflected back to the victim and executed by the web browser. The most
common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or emailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby
an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker's content
back to the victim, the content is executed by the victim's browser.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-11-17
Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.
CVSS Score
7.1
EPSS Score
0.001
Published
2022-11-17
Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-11-17
Webvendome - webvendome Internal Server IP Disclosure.
Send GET Request to the request which is shown in the picture.
Internal Server IP and Full path disclosure.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-11-17