Security Vulnerabilities - CVEs Published In March 2024
pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy of pictureproxy.php from its original GitHub location, but the repository name might later change because it is misleading.
CVSS Score: 5.8 | EPSS Score: 0.923 | Published: 2024-03-05
Online Flight Booking Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the feedback form.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2024-03-05
Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection via the News Feed.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2024-03-05
A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19 / 2.2.21. This vulnerability arises from inadequate sanitization of user-supplied input in the 'Code' section of the module. As a result, authenticated users with administrative privileges can inject and execute arbitrary PHP code.
CVSS Score: 7.2 | EPSS Score: 0.047 | Published: 2024-03-05
CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.
CVSS Score: 5.9 | EPSS Score: 0.001 | Published: 2024-03-05
CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the "New directory" field.
CVSS Score: 4.8 | EPSS Score: 0.001 | Published: 2024-03-05
Cross-Site Scripting (XSS) vulnerability stored in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. This vulnerability could allow an unauthenticated attacker to create a port mapping rule via a SOAP request and store a malicious JavaScript payload within that rule, which could result in an execution of the JavaScript payload when the rule is loaded.
CVSS Score: 6.1 | EPSS Score: 0.01 | Published: 2024-03-05
Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security Solutions UFace 5 allows Authentication Bypass. This issue affects UFace 5: through 12022024.
CVSS Score: 9.8 | EPSS Score: 0.0 | Published: 2024-03-05
A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “file_configuration” functionality of the web application (concerning the function “export_file”) allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
CVSS Score: 5.9 | EPSS Score: 0.003 | Published: 2024-03-05
A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2024-03-05

