Security Vulnerabilities - CVEs Published In February 2025
PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "name, title" parameters.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-02-20
PHPJabbers Car Park Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-02-20
A lack of rate limiting in the 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
CVSS Score
4.3
EPSS Score
0.003
Published
2025-02-20
The Lenix Elementor Leads addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a URL form field in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-02-20
Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative action permitted by it resulting in shutting down the server, modifying the configuration leading to gain access to unauthorized data.
CVSS Score
6.6
EPSS Score
0.0
Published
2025-02-20
Dell Recover Point for Virtual Machines 6.0.X contains a Weak file system permission vulnerability. A low privileged Local attacker could potentially exploit this vulnerability, leading to impacting only non-sensitive resources in the system.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-02-20
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages
with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-02-20
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages
could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another user, a remote attacker could exploit this vulnerability to bypass security restrictions and gain unauthorized access to the vulnerable application.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-02-20
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Score
7.1
EPSS Score
0.002
Published
2025-02-20
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages
is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field of an object to inject malicious script into an email which would be executed in a victim's mail client within the security context of the OpenPages mail message. An attacker could use this for phishing or identity theft attacks.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-02-20