Security Vulnerabilities - CVEs Published In February 2024
Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-14
Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-14
A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Size Number parameter under the Add Size function.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-02-14
A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-02-14
A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-02-14
IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. IBM X-Force ID: 269929.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-02-14
Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to a bare host with no path (e.g. https://www.example.com/ https://www.example.com/` ), requests to an endpoint other than the one configured by the administrator could be triggered by a specially crafted request from any user, resulting in an SSRF vector. AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
CVSS Score
5.0
EPSS Score
0.002
Published
2024-02-14
Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerabiity allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Contact Number parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-02-14
Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerabiity allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-02-14
Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-14