Security Vulnerabilities - CVEs Published In January 2020
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2020-01-10

The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability
CVSS Score: 9.8 | EPSS Score: 0.016 | Published: 2020-01-10

The ultimate-weather plugin 1.0 for WordPress has XSS
CVSS Score: 6.1 | EPSS Score: 0.128 | Published: 2020-01-10

Status2k allows Remote Command Execution in admin/options/editpl.php.
CVSS Score: 8.8 | EPSS Score: 0.055 | Published: 2020-01-10

Status2k does not remove the install directory allowing credential reset.
CVSS Score: 9.8 | EPSS Score: 0.122 | Published: 2020-01-10

Pretty-Link WordPress plugin 1.5.2 has XSS
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2020-01-10

sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass
CVSS Score: 9.8 | EPSS Score: 0.063 | Published: 2020-01-10

flog plugin 0.1 for WordPress has XSS
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2020-01-10

LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server.
CVSS Score: 9.8 | EPSS Score: 0.034 | Published: 2020-01-10

Déjà Vu Crescendo Sales CRM has remote SQL Injection
CVSS Score: 9.8 | EPSS Score: 0.035 | Published: 2020-01-10

Shodan ® - All rights reserved