Security Vulnerabilities - CVEs Published In January 2025
Missing Authorization vulnerability in bPlugins LLC Button Block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Button Block: from n/a through 1.1.5.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-01-15
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS.This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.4.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-15
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard CodeBard Help Desk allows Reflected XSS.This issue affects CodeBard Help Desk: from n/a through 1.1.2.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-01-15
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GSheetConnector GSheetConnector for Forminator Forms allows Reflected XSS.This issue affects GSheetConnector for Forminator Forms: from n/a through 1.0.11.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-01-15
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TechnoWich WP ULike allows Stored XSS.This issue affects WP ULike: from n/a through 4.7.6.
CVSS Score
5.9
EPSS Score
0.001
Published
2025-01-15
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input.
CVSS Score
6.5
EPSS Score
0.003
Published
2025-01-15
Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 5.5.6.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-15
A cross-site scripting (xss) vulnerability exists in the add_alert_check page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the attacker.
CVSS Score
8.7
EPSS Score
0.002
Published
2025-01-15
A cross-site scripting (xss) vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the attacker.
CVSS Score
8.7
EPSS Score
0.002
Published
2025-01-15
A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary html code. An authenticated user would need to click a malicious link provided by the attacker.
CVSS Score
8.7
EPSS Score
0.002
Published
2025-01-15