Security Vulnerabilities - CVEs Published In February 2023
In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-24
The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the regenerateSitemaps function. This makes it possible for unauthenticated attackers to regenerate Sitemaps via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-02-24
A vulnerability has been found in SourceCodester/code-projects Online Boat Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /boat/login.php of the component POST Parameter Handler. The manipulation of the argument un leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-02-24
In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.
CVSS Score
3.3
EPSS Score
0.0
Published
2023-02-24
File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-02-24
Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows attacker to execute arbitrary code via a crafted get request.
CVSS Score
9.6
EPSS Score
0.001
Published
2023-02-24
Arbitrary File Read vulnerability found in Peacexie ImCat v.5.2 fixed in v.5.4 allows attackers to obtain sensitive information via the filtering_get_contents function.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-02-24
An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function.
CVSS Score
9.8
EPSS Score
0.007
Published
2023-02-24
An issue was discovered in lib60870 v2.3.2. There is a memory leak in lib60870/lib60870-C/examples/multi_client_server/multi_client_server.c.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-02-24
The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
4.4
EPSS Score
0.015
Published
2023-02-24