Security Vulnerabilities - CVEs Published In April 2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.2 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-04-07
A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected or updated releases are available. The identifier of this vulnerability is VDB-225264.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-04-07
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Roland Murg WP Booking System – Booking Calendar plugin <= 2.0.18 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-04-07
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin <= 3.0.3 versions.
CVSS Score
5.9
EPSS Score
0.002
Published
2023-04-07
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-04-07
Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-04-07
BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restricted write access to almost anywhere on the filesystem. This includes the Minecraft mods folder, which results in code execution.
CVSS Score
9.8
EPSS Score
0.05
Published
2023-04-07
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg.
CVSS Score
9.8
EPSS Score
0.015
Published
2023-04-07
TOTOlink A7100RU (V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules.
CVSS Score
9.8
EPSS Score
0.015
Published
2023-04-07
codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a remote code execution (RCE) vulnerability via the component /controllers/api/user.php.
CVSS Score
8.8
EPSS Score
0.014
Published
2023-04-07

