Security Vulnerabilities - CVEs Published In March 2023
Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1.
CVSS Score
6.5
EPSS Score
0.004
Published
2023-03-29
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeffrey-WP Media Library Categories plugin <= 1.9.9 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-03-29
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20.
CVSS Score
4.0
EPSS Score
0.0
Published
2023-03-29
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.
CVSS Score
4.0
EPSS Score
0.0
Published
2023-03-29
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.
CVSS Score
5.3
EPSS Score
0.0
Published
2023-03-29
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20.
CVSS Score
5.1
EPSS Score
0.0
Published
2023-03-29
The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-03-29
A vulnerability, which was classified as problematic, has been found in Xunrui CMS 4.61. This issue affects some unknown processing of the file /dayrui/My/View/main.html. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224237 was assigned to this vulnerability.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-03-29
Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function.
CVSS Score
5.4
EPSS Score
0.011
Published
2023-03-29
Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link.
CVSS Score
7.8
EPSS Score
0.005
Published
2023-03-29