Security Vulnerabilities - CVEs Published In May 2023
A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field.
CVSS Score: 5.4
EPSS Score: 0.006
Published: 2023-05-04
CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2023-05-04
CLTPHP <=6.0 is vulnerable to Improper Input Validation.
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2023-05-04
illumos illumos-gate before 676abcb has a stack buffer overflow in /dev/net, leading to privilege escalation via a stat on a long file name in /dev/net.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2023-05-04
A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges. Cisco has not released firmware updates to address this vulnerability.
CVSS Score: 9.8
EPSS Score: 0.716
Published: 2023-05-04
An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for Windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges.
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2023-05-04
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO Internet Group, Inc. TypeSquare Webfonts for ConoHa plugin <= 2.0.3 versions.
CVSS Score: 5.9
EPSS Score: 0.001
Published: 2023-05-04
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Themes Darcie theme <= 1.1.5 versions.
CVSS Score: 7.1
EPSS Score: 0.001
Published: 2023-05-04
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 9seeds.Com CPT – Speakers plugin <= 1.1 versions.
CVSS Score: 5.9
EPSS Score: 0.001
Published: 2023-05-04
A vulnerability classified as critical has been found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2/#/. The manipulation leads to direct request. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-228015. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score: 6.3
EPSS Score: 0.001
Published: 2023-05-04

