Security Vulnerabilities - CVEs Published In February 2025
A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Restaurant Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-02-20
PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "seat_name, plugin_sms_api_key, plugin_sms_country_code, title, name" parameters.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-02-20
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Bus Reservation System v1.1 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-02-20
PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "name, title" parameters.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-02-20
PHPJabbers Car Park Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-02-20
A lack of rate limiting in the 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-02-20
The Lenix Elementor Leads addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a URL form field in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
7.2
EPSS Score
0.005
Published
2025-02-20
Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative action permitted by it resulting in shutting down the server, modifying the configuration leading to gain access to unauthorized data.
CVSS Score
6.6
EPSS Score
0.0
Published
2025-02-20
Dell Recover Point for Virtual Machines 6.0.X contains a Weak file system permission vulnerability. A low privileged Local attacker could potentially exploit this vulnerability, leading to impacting only non-sensitive resources in the system.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-02-20
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages
with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-02-20