Security Vulnerabilities - CVEs Published In June 2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-06-21
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin <= 5.4.4 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-06-21
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WpSimpleTools Manage Upload Limit plugin <= 1.0.4 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-06-21
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-06-21
Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code.
CVSS Score
9.8
EPSS Score
0.196
Published
2023-06-21
There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords through a Cross Site Request Forgery due to the lack of proper validation on the CRSF token. This vulnerability could allow a remote attacker to access the administrator panel, being able to modify different parameters that are critical for industrial operations.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-06-21
An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-06-21
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gl_SPICE New Adman plugin <= 1.6.8 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-06-21
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Grant Kimball Simple Vimeo Shortcode plugin <= 2.9.1 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-06-21
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-06-21