Security Vulnerabilities - CVEs Published In January 2023
When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
CVSS Score: 5.3 | EPSS Score: 0.016 | Published: 2023-01-16

In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2023-01-16

Path Traversal: '\..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0.
CVSS Score: 6.8 | EPSS Score: 0.004 | Published: 2023-01-16

Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
CVSS Score: 7.2 | EPSS Score: 0.901 | Published: 2023-01-16

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2023-01-15

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVSS Score: 9.1 | EPSS Score: 0.004 | Published: 2023-01-15

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVSS Score: 5.7 | EPSS Score: 0.008 | Published: 2023-01-15

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVSS Score: 7.6 | EPSS Score: 0.002 | Published: 2023-01-15

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVSS Score: 8.6 | EPSS Score: 0.002 | Published: 2023-01-15

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2023-01-15

