Security Vulnerabilities - CVEs Published In June 2024
Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Customizr.This issue affects Customizr: from n/a through 4.4.21.
CVSS Score
4.3
EPSS Score
0.003
Published
2024-06-21
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Stored XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.4.0.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-06-21
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cryout Creations Serious Slider allows Stored XSS.This issue affects Serious Slider: from n/a through 1.2.4.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-06-21
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Excellent allows Stored XSS.This issue affects Excellent: from n/a through 1.2.9.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-06-21
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.4.4.
CVSS Score
5.4
EPSS Score
0.004
Published
2024-06-21
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 5 Star Plugins Easy Age Verify allows Stored XSS.This issue affects Easy Age Verify: from n/a through 1.8.2.
CVSS Score
5.9
EPSS Score
0.002
Published
2024-06-21
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Horse Interface allows Stored XSS.This issue affects Interface: from n/a through 3.1.0.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-06-21
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpjobportal WP Job Portal wp-job-portal.This issue affects WP Job Portal: from n/a through <= 2.1.3.
CVSS Score
4.8
EPSS Score
0.002
Published
2024-06-21
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpjobportal WP Job Portal wp-job-portal allows DOM-Based XSS.This issue affects WP Job Portal: from n/a through <= 2.1.3.
CVSS Score
4.8
EPSS Score
0.004
Published
2024-06-21
In the Linux kernel, the following vulnerability has been resolved:
tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer
The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the
maximum transfer length and the size of the transfer buffer. As such, it
does not account for the 4 bytes of header that prepends the SPI data
frame. This can result in out-of-bounds accesses and was confirmed with
KASAN.
Introduce SPI_HDRSIZE to account for the header and use to allocate the
transfer buffer.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-06-21