Security Vulnerabilities - CVEs Published In January 2020
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
CVSS Score
7.5
EPSS Score
0.008
Published
2020-01-02
In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-01-02
In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-01-02
In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-01-02
In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-01-02
The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message.
CVSS Score
5.3
EPSS Score
0.007
Published
2020-01-02
Page 166