Security Vulnerabilities - CVEs Published In March 2023
An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.
CVSS Score
6.7
EPSS Score
0.002
Published
2023-03-23
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
9.8
EPSS Score
0.008
Published
2023-03-23
A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service,
CVSS Score
9.8
EPSS Score
0.002
Published
2023-03-23
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in this.Functional CTT Expresso para WooCommerce plugin <= 3.2.11 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-03-23
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App — Android and iOS Mobile Application plugin <= 11.13 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-03-23
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP eBay Product Feeds plugin <= 3.3.1 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-03-23
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Flipclock plugin <= 1.7.4 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-03-23
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Lester 'GaMerZ' Chan WP-CommentNavi plugin <= 1.12.1 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-03-23
Auth. (admin+) Cross-Site Scripting vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.35 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-03-23
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in MainWP MainWP Code Snippets Extension plugin <= 4.0.2 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-03-23