Security Vulnerabilities - CVEs Published In 2022
Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS.
CVSS Score
5.4
EPSS Score
0.006
Published
2022-12-12
An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r40P0.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-12-12
An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score
7.2
EPSS Score
0.06
Published
2022-12-12
The Donation Button WordPress plugin through 4.0.0 does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-12-12
The Image Hover Effects WordPress plugin before 5.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS Score
4.8
EPSS Score
0.001
Published
2022-12-12
The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.6, Booster Elite for WooCommerce WordPress plugin before 1.1.8 does not properly check for CSRF when creating and deleting Customer roles, allowing attackers to make logged admins create and delete arbitrary custom roles via CSRF attacks
CVSS Score
6.5
EPSS Score
0.002
Published
2022-12-12
The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force protection, and more).
CVSS Score
5.3
EPSS Score
0.001
Published
2022-12-12
An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This
could allow a user with access to the log files to discover connection strings of data sources configured for the
DbConnect, which could include credentials. Successful exploitation of this vulnerability could allow other users
unauthorized access to the underlying data sources.
CVSS Score
4.7
EPSS Score
0.003
Published
2022-12-12
A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could
allow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files
to discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code.
Successful exploitation of this vulnerability could allow an unauthorized user access to the underlying email
account and SIM card.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-12-12
Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2.
CVSS Score
6.0
EPSS Score
0.001
Published
2022-12-12