Security Vulnerabilities - CVEs Published In 2022
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/view_product&id=.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-12-14
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/manage_product&id=.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-12-14
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" and "style" should either upgrade or use the following workaround immediately: Remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags.
CVSS Score
7.2
EPSS Score
0.002
Published
2022-12-14
Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting (XSS).
CVSS Score
6.1
EPSS Score
0.233
Published
2022-12-14
Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery (CSRF). An unauthenticated user can add an admin account due to missing CSRF protection.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-12-14
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=view_product&id=.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-12-14
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-12-14
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-12-14
A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/.
CVSS Score
9.0
EPSS Score
0.002
Published
2022-12-14
D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function.
CVSS Score
9.8
EPSS Score
0.199
Published
2022-12-14