Security Vulnerabilities - CVEs Published In April 2023
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin <= 6.0.2.0 versions.
CVSS Score: 5.4 | EPSS Score: 0.0 | Published: 2023-04-04

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in RadiusTheme Portfolio – WordPress Portfolio plugin <= 2.8.10 versions.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2023-04-04

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.2 versions.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2023-04-04

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcin Pietrzak Interactive Polish Map plugin <= 1.2 versions.
CVSS Score: 5.9 | EPSS Score: 0.001 | Published: 2023-04-04

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 versions.
CVSS Score: 5.9 | EPSS Score: 0.001 | Published: 2023-04-04

Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2023-04-04

Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2023-04-04

Dell PowerScale OneFS version 9.5.0.0 contains an improper link resolution before file access vulnerability in isi_gather_info. A high-privileged local attacker could potentially exploit this vulnerability, leading to system takeover, and it breaks the compliance mode guarantees.
CVSS Score: 6.7 | EPSS Score: 0.0 | Published: 2023-04-04

A reflected XSS via POST vulnerability in the report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim's browser via a malicious form that must be manually submitted by the victim while logged in to SWA.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2023-04-04

A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2023-04-04

