Security Vulnerabilities - CVEs Published In March 2024
An improper input validation in the Qualcom plctool allows a local attacker with low privileges to gain root access by changing the ownership of specific files.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-03-12
An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write only.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-03-12
An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform an DoS due to improper input validation.
CVSS Score
9.8
EPSS Score
0.024
Published
2024-03-12
An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user.
CVSS Score
5.3
EPSS Score
0.006
Published
2024-03-12
An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is affected.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-03-12
The f(x) Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the API. This makes it possible for unauthenticated attackers to obtain page and post contents of a site protected with this plugin.
CVSS Score
5.3
EPSS Score
0.004
Published
2024-03-12
The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 4.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.001
Published
2024-03-12
Reflected cross-site scripting (XSS) vulnerability in Racktables v0.22.0 and before, allows local attackers to execute arbitrary code and obtain sensitive information via the search component in index.php.
CVSS Score
6.1
EPSS Score
0.004
Published
2024-03-12
Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user.
CVSS Score
6.1
EPSS Score
0.007
Published
2024-03-12
Improper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary file may be placed in the specific folder by a user who can log in to the PC where the product's Windows client is installed. In case the file is a specially crafted DLL file, arbitrary code may be executed with SYSTEM privilege.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-03-12