Security Vulnerabilities - CVEs Published In June 2023
An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2023-06-29
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2023-06-29
Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE).
CVSS Score: 8.8 | EPSS Score: 0.21 | Published: 2023-06-29
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response.
CVSS Score: 9.8 | EPSS Score: 0.914 | Published: 2023-06-29
Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary JavaScript code.
CVSS Score: 6.1 | EPSS Score: 0.395 | Published: 2023-06-29
An issue with the JSESSION IDs in Xiamen Si Xin Communication Technology Video management system 3.1 through 4.1 allows attackers to gain escalated privileges.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2023-06-29
Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode that allows escape from the Docker container.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2023-06-29
An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua file in Ikuai router OS through 3.7.1.
CVSS Score: 9.8 | EPSS Score: 0.013 | Published: 2023-06-29
itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote code execution can be achieved by entering malicious code in the date selection box.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2023-06-29
itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. SQL injection points exist in the login password input box. This vulnerability can be exploited through time-based blind injection.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2023-06-29

