Security Vulnerabilities - CVEs Published In February 2023
A vulnerability, which was classified as problematic, has been found in SourceCodester Online Pizza Ordering System 1.0. This issue affects some unknown processing of the file admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221681 was assigned to this vulnerability.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-02-23
Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets.
CVSS Score
9.8
EPSS Score
0.0
Published
2023-02-23
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.2.8 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-02-23
Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information. Users
should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and
Horizon installation instructions state that they are intended for installation
within an organization's private networks and should not be directly accessible
from the Internet.
CVSS Score
6.7
EPSS Score
0.001
Published
2023-02-23
Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies. Users
should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and
Horizon installation instructions state that they are intended for installation
within an organization's private networks and should not be directly accessible
from the Internet.
CVSS Score
6.7
EPSS Score
0.003
Published
2023-02-23
Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4 or newer.
Meridian
and Horizon installation instructions state that they are intended for
installation within an organization's private networks and should not be
directly accessible from the Internet.
CVSS Score
5.8
EPSS Score
0.001
Published
2023-02-23
Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo Extension <= 4.0.4 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-02-23
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart <= 1.4.4 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-02-23
Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Users
should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and
Horizon installation instructions state that they are intended for installation
within an organization's private networks and should not be directly accessible
from the Internet.
CVSS Score
6.8
EPSS Score
0.002
Published
2023-02-23
A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been classified as critical. Affected is an unknown function of the component Delete User. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221676.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-02-23