Security Vulnerabilities - CVEs Published In April 2024
Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVSS Score
7.5
EPSS Score
0.001
Published
2024-04-17
Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium)
CVSS Score
6.1
EPSS Score
0.002
Published
2024-04-17
Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVSS Score
4.3
EPSS Score
0.006
Published
2024-04-17
Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
CVSS Score
4.3
EPSS Score
0.006
Published
2024-04-17
Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)
CVSS Score
4.3
EPSS Score
0.001
Published
2024-04-17
Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVSS Score
4.3
EPSS Score
0.007
Published
2024-04-17
Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
CVSS Score
6.1
EPSS Score
0.001
Published
2024-04-17
Unrestricted Upload of File with Dangerous Type vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker.This issue affects WP Poll Maker: from n/a through 3.4.
CVSS Score
9.9
EPSS Score
0.005
Published
2024-04-17
The coreActivity: Activity Logging plugin for WordPress plugin before 2.1 retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value
CVSS Score
5.3
EPSS Score
0.002
Published
2024-04-17
The Easy Social Feed WordPress plugin before 6.5.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin
CVSS Score
5.3
EPSS Score
0.001
Published
2024-04-17