Security Vulnerabilities - CVEs Published In June 2023
Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-06-08
Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes.
CVSS Score
8.1
EPSS Score
0.002
Published
2023-06-08
Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter location is not filtered, validated or sanitized and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2.
CVSS Score
6.5
EPSS Score
0.451
Published
2023-06-08
Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-06-08
A vulnerability was found in SourceCodester Life Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file insertNominee.php of the component POST Parameter Handler. The manipulation of the argument nominee_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231109 was assigned to this vulnerability.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-06-08
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/saveParentControlInfo.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-06-08
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-06-08
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-06-08
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-06-08
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-06-08