Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2022
A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556.
CVSS Score
7.3
EPSS Score
0.008
Published
2022-10-17
Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1.
CVSS Score
7.2
EPSS Score
0.44
Published
2022-10-17
MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-10-17
xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.
CVSS Score
5.4
EPSS Score
0.006
Published
2022-10-17
Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php.
CVSS Score
7.2
EPSS Score
0.01
Published
2022-10-17
Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_payment.php.
CVSS Score
7.2
EPSS Score
0.008
Published
2022-10-17
kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-10-17
MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40606.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-10-17
MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents.
CVSS Score
5.4
EPSS Score
0.005
Published
2022-10-17
kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java.
CVSS Score
9.8
EPSS Score
0.022
Published
2022-10-17


Contact Us

Shodan ® - All rights reserved