Security Vulnerabilities - CVEs Published In January 2024
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Contact Email Address parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
CVSS Score
6.9
EPSS Score
0.0
Published
2024-01-17
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Description parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
CVSS Score
6.9
EPSS Score
0.0
Published
2024-01-17
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 2 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
CVSS Score
6.9
EPSS Score
0.0
Published
2024-01-17
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 3 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
CVSS Score
6.9
EPSS Score
0.0
Published
2024-01-17
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 1 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
CVSS Score
6.9
EPSS Score
0.0
Published
2024-01-17
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Traceroute parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
CVSS Score
6.9
EPSS Score
0.0
Published
2024-01-17
The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'page_id', 'page_url', 'platform', and 'referrer'. This vulnerability arises due to insufficient escaping of user-supplied parameters and the lack of adequate preparation in SQL queries. As a result, authenticated attackers with editor access or higher can append additional SQL queries into existing ones, potentially leading to unauthorized access to sensitive information from the database.
CVSS Score
7.2
EPSS Score
0.002
Published
2024-01-17
kodbox v1.49.04 was discovered to contain a cross-site scripting (XSS) vulnerability via the URL parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-01-17
A Cross Site Scripting (XSS) vulnerability in evewa3ajax.php in GRUEN eVEWA3 Community 31 through 53 allows attackers to obtain escalated privileges via a crafted request to the login panel.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-01-17
An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-01-17