Security Vulnerabilities - CVEs Published In March 2023
HTTP Protocol Stack Remote Code Execution Vulnerability
CVSS Score
9.8
EPSS Score
0.117
Published
2023-03-14
Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability
CVSS Score
7.0
EPSS Score
0.004
Published
2023-03-14
Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability
CVSS Score
5.5
EPSS Score
0.025
Published
2023-03-14
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS Score
9.8
EPSS Score
0.117
Published
2023-03-14
Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, a user who can log in on iTop is able to take over any account just by knowing the account's username. This issue is fixed in versions 2.7.8 and 3.0.2-1.
CVSS Score
9.6
EPSS Score
0.004
Published
2023-03-14
Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, the reset password token is generated without any randomness parameter. This may lead to account takeover. The issue is fixed in versions 2.7.8 and 3.0.2-1.
CVSS Score
7.4
EPSS Score
0.005
Published
2023-03-14
A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-03-14
A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-03-14
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/traveller_details.php. The manipulation of the argument address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222983.
CVSS Score
3.5
EPSS Score
0.003
Published
2023-03-14
A vulnerability classified as problematic has been found in SourceCodester Online Student Management System 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument adminname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222984.
CVSS Score
3.5
EPSS Score
0.003
Published
2023-03-14