Security Vulnerabilities - CVEs Published In May 2024
A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/scheduled.php, all parameters. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details.
CVSS Score
7.1
EPSS Score
0.002
Published
2024-05-28
A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/get_file.php, 'view' parameter. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details.
CVSS Score
7.1
EPSS Score
0.002
Published
2024-05-28
A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/backup.php, 'comments' and 'db' parameters. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details.
CVSS Score
7.1
EPSS Score
0.002
Published
2024-05-28
IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260139.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-05-28
IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286830.
CVSS Score
4.9
EPSS Score
0.002
Published
2024-05-28
Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.
CVSS Score
5.4
EPSS Score
0.005
Published
2024-05-28
Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.This issue affects IAP-420 version 2.01e and below.
CVSS Score
8.8
EPSS Score
0.272
Published
2024-05-28
Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26), As the communication buffer size hasn’t been properly validated to be of the expected size, it can partially overlap with the beginning SMRAM.This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-05-28
Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory thus potentially leading code execution in SMM
CVSS Score
7.8
EPSS Score
0.0
Published
2024-05-28
Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading code execution in SMM
CVSS Score
7.8
EPSS Score
0.0
Published
2024-05-28