Security Vulnerabilities - CVEs Published In February 2023
A vulnerability was found in GoPistolet. It has been declared as problematic. This vulnerability affects unknown code of the component MTA. The manipulation leads to denial of service. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as b91aa4674d460993765884e8463c70e6d886bc90. It is recommended to apply a patch to fix this issue. VDB-221506 is the identifier assigned to this vulnerability.
CVSS Score
3.5
EPSS Score
0.0
Published
2023-02-21
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.8.1 is able to address this issue. The patch is identified as 517119de673e62547ee472a730be0604f44342b5. It is recommended to upgrade the affected component. VDB-221498 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
3.1
EPSS Score
0.001
Published
2023-02-21
A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker could leverage this vulnerability to access an affected device using Telnet.
CVSS Score
9.8
EPSS Score
0.007
Published
2023-02-21
A Vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-02-21
Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length.
CVSS Score
6.5
EPSS Score
0.003
Published
2023-02-21
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.5.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-02-21
TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-02-21
Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-02-21
Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete.
CVSS Score
6.1
EPSS Score
0.009
Published
2023-02-21
Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in `htmleditor.js` may lead to cross-site scripting (XSS) issues. There are no known patches for this issue.
CVSS Score
6.1
EPSS Score
0.005
Published
2023-02-21