Security Vulnerabilities - CVEs Published In May 2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.35 versions.
CVSS Score
7.1
EPSS Score
0.672
Published
2023-05-16
An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-05-16
An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-05-16
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-05-16
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPmanage Uji Popup plugin <= 1.4.3 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-05-16
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Richard Leishman t/a Webforward Mail Subscribe List plugin <= 2.1.9 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-05-16
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Arconix Shortcodes plugin <= 2.1.7 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-05-16
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Denis WPJAM Basic plugin <= 6.2.1 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-05-16
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NetReviews SAS Verified Reviews (Avis Vérifiés) plugin <= 2.3.13 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-05-16
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Harish Chouhan, Themeist I Recommend This plugin <= 3.8.3 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-05-16