Security Vulnerabilities - CVEs Published In April 2024
Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was resolved in FileMaker Server 20.3.2 by escaping the HTML contents of the login error message on the login page.
CVSS Score
6.1
EPSS Score
0.007
Published
2024-04-15
A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-04-15
A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices.
CVSS Score
8.6
EPSS Score
0.001
Published
2024-04-15
An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT that causes the secondary adapter to result in a major nonrecoverable fault (MNRF) when malicious input is entered. If exploited, the availability of the device will be impacted, and a manual restart is required. Additionally, a malformed PTP packet is needed to exploit this vulnerability.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-04-15
An issue in Fireboltt Dream Wristphone BSW202_FB_AAC_v2.0_20240110-20240110-1956 allows attackers to cause a Denial of Service (DoS) via a crafted deauth frame.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-04-15
An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file.
CVSS Score
7.2
EPSS Score
0.001
Published
2024-04-15
HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-04-15
HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values.
CVSS Score
4.3
EPSS Score
0.004
Published
2024-04-15
Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at /core/new_category2.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-04-15
A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-04-15