Security Vulnerabilities - CVEs Published In June 2023
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.0-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, tags from pages not viewable to the current user are leaked by the tags API. This information can also be exploited to infer the document reference of non-viewable pages. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-06-23
FastAsyncWorldEdit (FAWE) is designed for efficient world editing. This vulnerability enables the attacker to select a region with the `Infinity` keyword (case-sensitive!) and executes any operation. This has a possibility of bringing the performing server down. This issue has been fixed in version 2.6.3.
CVSS Score
6.2
EPSS Score
0.002
Published
2023-06-23
An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database.
CVSS Score
7.5
EPSS Score
0.194
Published
2023-06-23
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter.
CVSS Score
6.1
EPSS Score
0.205
Published
2023-06-23
A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file detailview.php. The manipulation of the argument employeeid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232288.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-06-23
LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-06-23
LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-06-23
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-06-23
LibreDWG v0.11 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-06-23
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-06-23