Security Vulnerabilities - CVEs Published In March 2024
Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-03-18
Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-03-18
In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-03-18
danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of innerHTML mishandling, such as in htmlToPlainText.
CVSS Score
7.4
EPSS Score
0.001
Published
2024-03-18
flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024."
CVSS Score
6.1
EPSS Score
0.001
Published
2024-03-18
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-03-18
FusionPBX before 5.2.0 does not validate a session.
CVSS Score
5.3
EPSS Score
0.0
Published
2024-03-18
A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /update-employee.php. The manipulation of the argument admin_id leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257080.
CVSS Score
7.3
EPSS Score
0.0
Published
2024-03-18
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257081 was assigned to this vulnerability.
CVSS Score
8.8
EPSS Score
0.005
Published
2024-03-18
A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry.
CVSS Score
7.5
EPSS Score
0.032
Published
2024-03-18