Security Vulnerabilities - CVEs Published In February 2024
baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the site search feature. Version 5.0.9 contains a fix for this vulnerability.
CVSS Score
6.1
EPSS Score
0.006
Published
2024-02-22
baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability.
CVSS Score
5.6
EPSS Score
0.008
Published
2024-02-22
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS < 122.
CVSS Score
8.1
EPSS Score
0.004
Published
2024-02-22
Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the wps_ap_ssid5g parameter
CVSS Score
9.8
EPSS Score
0.131
Published
2024-02-22
Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the config_sequence parameter in other_para of cgitest.cgi.
CVSS Score
8.0
EPSS Score
0.004
Published
2024-02-22
Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS < 123.
CVSS Score
4.7
EPSS Score
0.003
Published
2024-02-22
Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS < 123.
CVSS Score
7.1
EPSS Score
0.004
Published
2024-02-22
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS < 123.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-02-22
Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. This vulnerability affects Focus for iOS < 123.
CVSS Score
6.1
EPSS Score
0.005
Published
2024-02-22
A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-02-22