Security Vulnerabilities - CVEs Published In January 2024
Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles signature verification, aka PMP-2636.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-01-17
A Cross-site scripting (XSS) vulnerability in login page php code in Armex ABO.CMS 5.9 allows remote attackers to inject arbitrary web script or HTML via the login.php? URL part.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-01-17
CVE-2023-6548
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
Known exploited
CVSS Score
5.5
EPSS Score
0.251
Published
2024-01-17
Missing Authorization vulnerability in ThemeinProgress WIP Custom Login.This issue affects WIP Custom Login: from n/a through 1.2.7.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-01-17
Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support.
CVSS Score
5.7
EPSS Score
0.001
Published
2024-01-17
A vulnerability, which was classified as problematic, was found in Sparksuite SimpleMDE up to 1.11.2. This affects an unknown part of the component iFrame Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251373 was assigned to this vulnerability.
CVSS Score
4.3
EPSS Score
0.003
Published
2024-01-17
Missing Authorization vulnerability in WP Job Portal WP Job Portal – A Complete Job Board.This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.1.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-01-17
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.1.76.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-01-17
Stupid Simple CMS <=1.2.4 is vulnerable to Cross Site Scripting (XSS) in the editing section of the article content.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-01-17
Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin-edit.php.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-01-17