Security Vulnerabilities - CVEs Published In January 2023
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-01-07
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-01-07
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-01-07
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVSS Score
7.6
EPSS Score
0.003
Published
2023-01-07
A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to sql injection. Upgrading to version 1.3.1 is able to address this issue. The patch is identified as 0cdd1c388edf15089c3a7541cefe7756e560581d. It is recommended to upgrade the affected component. VDB-217582 is the identifier assigned to this vulnerability.
CVSS Score
5.5
EPSS Score
0.009
Published
2023-01-06
An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur on the Classic UI login page by injecting arbitrary JavaScript code in the username field. This occurs before the user logs into the system, which means that even if the attacker executes arbitrary JavaScript, they will not get any sensitive information.
CVSS Score
6.1
EPSS Score
0.007
Published
2023-01-06
An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via one of attributes in webmail URLs to execute arbitrary JavaScript code, leading to information disclosure.
CVSS Score
6.1
EPSS Score
0.007
Published
2023-01-06
A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.
CVSS Score
8.4
EPSS Score
0.001
Published
2023-01-06
The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device.
CVSS Score
8.4
EPSS Score
0.001
Published
2023-01-06
The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs.
CVSS Score
8.4
EPSS Score
0.001
Published
2023-01-06