Security Vulnerabilities - CVEs Published In June 2023
Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.
CVSS Score
7.8
EPSS Score
0.271
Published
2023-06-05
Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-06-05
Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:).
CVSS Score
6.1
EPSS Score
0.001
Published
2023-06-05
MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-06-05
emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-06-05
The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVSS Score
6.1
EPSS Score
0.001
Published
2023-06-05
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVSS Score
6.1
EPSS Score
0.001
Published
2023-06-05
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVSS Score
6.1
EPSS Score
0.003
Published
2023-06-05
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVSS Score
4.8
EPSS Score
0.001
Published
2023-06-05
The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVSS Score
6.1
EPSS Score
0.001
Published
2023-06-05