Security Vulnerabilities - CVEs Published In December 2022
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2022-12-12
The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 exposes a directory listing at the URL https://10.10.20.74/lib/. This directory contains a backup file that can be downloaded without any authentication.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2022-12-12
Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page.
CVSS Score: 3.5 | EPSS Score: 0.001 | Published: 2022-12-12
SENS v1.0 is vulnerable to Cross Site Scripting (XSS).
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2022-12-12
SENS v1.0 is vulnerable to Cross Site Scripting (XSS) via com.liuyanzhao.sens.web.controller.admin, getRegister.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2022-12-12
SENS v1.0 has a file upload vulnerability.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2022-12-12
SENS v1.0 is vulnerable to Incorrect Access Control.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2022-12-12
Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework prior to v3.0.0-rc.13.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2022-12-12
Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/framework prior to v3.0.0-rc.13.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2022-12-12
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
CVSS Score: 9.8 | EPSS Score: 0.023 | Published: 2022-12-11

