Security Vulnerabilities - CVEs Published In March 2023
Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow SE plugin <= 2.5.5 versions.
CVSS Score
4.8
EPSS Score
0.003
Published
2023-03-16
Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-03-16
Cross-Site Request Forgery (CSRF) vulnerability in Social Login WP plugin <= 5.0.0.0 versions.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-03-16
Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin <= 2.7.5 versions.
CVSS Score
4.7
EPSS Score
0.003
Published
2023-03-16
Cross-Site Scripting (XSS) vulnerability in Dario Curvino Yasr – Yet Another Stars Rating plugin <= 3.1.2 versions.
CVSS Score
5.4
EPSS Score
0.003
Published
2023-03-16
In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation
CVSS Score
8.8
EPSS Score
0.009
Published
2023-03-16
SA-WR915ND router firmware v17.35.1 was discovered to be vulnerable to code execution.
CVSS Score
9.8
EPSS Score
0.008
Published
2023-03-16
An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController.
CVSS Score
8.8
EPSS Score
0.007
Published
2023-03-16
Command execution vulnerability was discovered in JHR-N916R router firmware version<=21.11.1.1483.
CVSS Score
9.8
EPSS Score
0.008
Published
2023-03-16
SQL Injection vulnerability found in Kirin Fortress Machine v.1.7-2020-0610 allows attackers to execute arbitrary code via the /admin.php?controller=admin_commonuser parameter.
CVSS Score
9.8
EPSS Score
0.005
Published
2023-03-16