Security Vulnerabilities - CVEs Published In June 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS Score
4.7
EPSS Score
0.003
Published
2024-06-20
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS Score
4.3
EPSS Score
0.006
Published
2024-06-20
Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. This vulnerability allows attackers to scan for open ports or access sensitive information via a crafted GET request. NOTE: The Strapi Development Community argues that this issue is not valid. They contend that "the strapi/admin was wrongly attributed a flaw that only pertains to the strapi.io website, and which, at the end of the day, does not pose any real SSRF risk to applications that make use of the Strapi library."
CVSS Score
8.6
EPSS Score
0.001
Published
2024-06-20
There is a cross-site scripting vulnerability in the policy
management UI of Absolute Secure Access prior to version 13.06. Attackers can
interfere with a system administrator’s use of the policy management UI when
the attacker convinces the victim administrator to follow a crafted link to the
vulnerable component while the attacking administrator is authenticated to the
console. The scope is unchanged, there is no loss of confidentiality. Impact to
system integrity is high, impact to system availability is none.
CVSS Score
6.5
EPSS Score
0.005
Published
2024-06-20
There is a cross-site scripting vulnerability in the
management UI of Absolute Secure Access prior to version 13.06. Attackers with
system administrator permissions can interfere with other system
administrator’s use of the management UI when the second administrator later
edits the same management object. This vulnerability is distinct from CVE-2024-37348 and
CVE-2024-37349. The scope is unchanged, there is no loss of confidentiality. Impact
to system integrity is high, impact to system availability is none.
CVSS Score
4.5
EPSS Score
0.003
Published
2024-06-20
There is a cross-site scripting vulnerability in the
management UI of Absolute Secure Access prior to version 13.06 that allows
attackers with system administrator permissions to interfere with other system
administrators’ use of the management UI when the second administrator accesses
the vulnerable page. The scope is unchanged, there is no loss of
confidentiality. Impact to system integrity is high, impact to system
availability is none.
CVSS Score
4.5
EPSS Score
0.003
Published
2024-06-20
Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity.
CVSS Score
5.5
EPSS Score
0.013
Published
2024-06-20
There is a cross-site scripting vulnerability in the
management UI of Absolute Secure Access prior to version 13.06. Attackers with
system administrator permissions can interfere with other system
administrator’s use of the management UI when the victim administrator edits
the same management object. This vulnerability is distinct from CVE-2024-37348 and
CVE-2024-37351. The scope is unchanged, there is no loss of confidentiality. Impact
to system integrity is high, impact to system availability is none.
CVSS Score
4.5
EPSS Score
0.003
Published
2024-06-20
There is a cross-site
scripting vulnerability in the management UI of Absolute Secure Access prior to
version 13.06. Attackers with system administrator permissions can interfere
with another system administrator’s use of the management UI when the second
administrator later edits the same management object. This vulnerability is
distinct from CVE-2024-37349 and CVE-2024-37351. The scope is unchanged,
there is no loss of confidentiality. Impact to system integrity is high, impact
to system availability is none.
CVSS Score
4.5
EPSS Score
0.003
Published
2024-06-20
A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function.
CVSS Score
8.8
EPSS Score
0.017
Published
2024-06-20