Security Vulnerabilities - CVEs Published In March 2022
VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation of calendar event descriptions in VMware Workspace ONE Boxer, a malicious actor can inject script tags to execute arbitrary script within a user's window.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-03-02
Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to cross-site scripting on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several participants; a victim who then opens an overflow tooltip including this full name on the recent topics page could trigger execution of JavaScript code controlled by the attacker. Users running a Zulip server from the main branch should upgrade again from main (2022-03-01 or later) to deploy this fix.
CVSS Score
4.6
EPSS Score
0.003
Published
2022-03-02
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-03-02
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-03-02
Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials, which allow attackers to escalate privileges and access the admin panel.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-03-02
Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did not apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no known workaround.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-03-02
seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-03-02
The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site members, which allows remote authenticated users with the site member role to add and duplicate forms, via the UI or the API.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-03-02
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213076.
CVSS Score
6.2
EPSS Score
0.0
Published
2022-03-02
Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
CVSS Score
5.4
EPSS Score
0.004
Published
2022-03-02
Shodan ® - All rights reserved