Security Vulnerabilities - CVEs Published In January 2024
A vulnerability was found in Jspxcms 10.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file src\main\java\com\jspxcms\core\web\back\InfoController.java of the component Document Management Page. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250837 was assigned to this vulnerability.
CVSS Score: 3.5 | EPSS Score: 0.002 | Published: 2024-01-16
A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2024-01-16
A stack-based buffer overflow vulnerability in /bin/webs binary in Edimax BR6478AC V2 firmware version v1.23 allows attackers to overwrite other values located on the stack due to an incorrect use of the strcpy() function.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2024-01-16
An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2024-01-16
OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client's self-defined description field.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2024-01-16
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.
CVSS Score: 7.2 | EPSS Score: 0.778 | Published: 2024-01-16
An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13. This vulnerability was reported via the GitHub Bug Bounty program.
CVSS Score: 6.5 | EPSS Score: 0.774 | Published: 2024-01-16
Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_category.php?id=.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2024-01-16
Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_retailer.php?id=.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2024-01-16
Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_distributor.php?id=.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2024-01-16

