Security Vulnerabilities - CVEs Published In January 2019
Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.
CVSS Score: 9.8
EPSS Score: 0.921
Published: 2019-01-30
OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.
CVSS Score: 6.5
EPSS Score: 0.004
Published: 2019-01-30
OX App Suite 7.8.4 and earlier allows Information Exposure.
CVSS Score: 5.3
EPSS Score: 0.003
Published: 2019-01-30
OX App Suite 7.8.4 and earlier allows Directory Traversal.
CVSS Score: 6.1
EPSS Score: 0.005
Published: 2019-01-30
TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application.
CVSS Score: 5.3
EPSS Score: 0.003
Published: 2019-01-30
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2019-01-29
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2019-01-29
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2019-01-29
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2019-01-29
A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-01-29

