Security Vulnerabilities - CVEs Published In April 2023
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been classified as critical. Affected is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227652.
CVSS Score
6.3
EPSS Score
0.01
Published
2023-04-28
Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1.
CVSS Score
7.0
EPSS Score
0.001
Published
2023-04-28
Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-04-28
mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF).
CVSS Score
8.8
EPSS Score
0.001
Published
2023-04-28
A vulnerability has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument ecn-down leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227650 is the identifier assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.011
Published
2023-04-28
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This issue affects some unknown processing of the component Web Management Interface. The manipulation of the argument src leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227651.
CVSS Score
6.3
EPSS Score
0.025
Published
2023-04-28
wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-04-28
EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS).
CVSS Score
6.1
EPSS Score
0.001
Published
2023-04-28
Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container name.
CVSS Score
5.4
EPSS Score
0.01
Published
2023-04-28
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies.
CVSS Score
5.3
EPSS Score
0.003
Published
2023-04-28