Security Vulnerabilities - CVEs Published In April 2023
A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirect_url leads to open redirect. The attack may be launched remotely. Upgrading to version 1.0.1 addresses this issue. The name of the patch is 63124c021ae24b68e56872530df26eb4268ad633. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227756.
CVSS Score: 3.5 | EPSS Score: 0.001 | Published: 2023-04-30

Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
CVSS Score: 6.6 | EPSS Score: 0.002 | Published: 2023-04-30

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2023-04-30

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
CVSS Score: 6.8 | EPSS Score: 0.0 | Published: 2023-04-29

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2023-04-29

A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227750 is the identifier assigned to this vulnerability.
CVSS Score: 6.3 | EPSS Score: 0.001 | Published: 2023-04-29

A vulnerability was found in SourceCodester Simple Student Information System 1.0. It has been classified as problematic. This affects an unknown part of the file /classes/Master.php?f=save_course of the component Add New Course. The manipulation of the argument name with the input <script>alert(document.cookie)</script> leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227751.
CVSS Score: 2.4 | EPSS Score: 0.001 | Published: 2023-04-29

Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2023-04-29

IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0 contains an unspecified vulnerability that could allow a local user to obtain root privileges. IBM X-Force ID: 237810.
CVSS Score: 8.4 | EPSS Score: 0.0 | Published: 2023-04-29

IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239707.
CVSS Score: 4.6 | EPSS Score: 0.001 | Published: 2023-04-29

Shodan ® - All rights reserved