Security Vulnerabilities - CVEs Published In June 2023
Cross Site Scripting (XSS) vulnerability in GBCOM LAC WEB Control Center version lac-1.3.x, allows attackers to create an arbitrary device.
CVSS Score
4.8
EPSS Score
0.001
Published
2023-06-22
An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted payload.
CVSS Score
7.5
EPSS Score
0.05
Published
2023-06-22
An issue was discovered in /cgi-bin/login_rj.cgi in Wildix WSG24POE version 103SP7D190822, allows attackers to bypass authentication.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-06-22
laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-06-22
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPBakery Page Builder plugin <= 6.13.0 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-06-22
A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending a crafted link.
CVSS Score
6.1
EPSS Score
0.005
Published
2023-06-22
Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component ${businessTable} at /act/ActDao.xml.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-06-22
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.7 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-06-22
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Chill Brilliance theme <= 1.3.1 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-06-22
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prism Tech Studios Modern Footnotes plugin <= 1.4.15 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-06-22