Security Vulnerabilities - CVEs Published In January 2023
Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation.
CVSS Score
6.8
EPSS Score
0.001
Published
2023-01-12
Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users.
CVSS Score
6.8
EPSS Score
0.001
Published
2023-01-12
Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) – vulnerability may allow inserting scripts into unspecified input fields.
CVSS Score
6.8
EPSS Score
0.002
Published
2023-01-12
Rumpus - FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow bypassing identity verification.
CVSS Score
7.3
EPSS Score
0.001
Published
2023-01-12
Alotcer - AR7088H-A firmware version 16.10.3 Information disclosure. Unspecified error message contains the default administrator user name.
CVSS Score
5.3
EPSS Score
0.003
Published
2023-01-12
Alotcer - AR7088H-A firmware version 16.10.3 Command execution Improper validation of unspecified input field may allow Authenticated command execution.
CVSS Score
7.2
EPSS Score
0.003
Published
2023-01-12
A vulnerability has been found in manikandan170890 php-form-builder-class and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PFBC/Element/Textarea.php of the component Textarea Handler. The manipulation of the argument value leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 74897993818d826595fd5857038e6703456a594a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218155.
CVSS Score
3.5
EPSS Score
0.003
Published
2023-01-12
A vulnerability was found in aeharding classroom-engagement-system and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. The attack may be launched remotely. The name of the patch is 096de5815c7b414e7339f3439522a446098fb73a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218156.
CVSS Score
6.3
EPSS Score
0.003
Published
2023-01-12
H C Mingham-Smith Ltd - Tardis 2000 Privilege escalation.Version 1.6 is vulnerable to privilege escalation which may allow a malicious actor to gain system privileges.
CVSS Score
4.9
EPSS Score
0.002
Published
2023-01-12
Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors.
CVSS Score
6.5
EPSS Score
0.003
Published
2023-01-12