Security Vulnerabilities - CVEs Published In July 2023
A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file Master.php?f=delete_book of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-234012.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-07-13
A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/?page=user/manage_user. The manipulation of the argument firstname/middlename leads to cross site scripting. The attack can be launched remotely. The identifier VDB-234013 was assigned to this vulnerability.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-07-13
Experion server may experience a DoS due to a stack overflow when handling a specially crafted message.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-07-13
Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.
See Honeywell Security Notification for recommendations on upgrading and versioning.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-07-13
Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message
CVSS Score
7.5
EPSS Score
0.0
Published
2023-07-13
Controller DoS due to stack overflow when decoding a message from the server.
See Honeywell Security Notification for recommendations on upgrading and versioning.
CVSS Score
9.8
EPSS Score
0.0
Published
2023-07-13
Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy.
CVSS Score
4.7
EPSS Score
0.001
Published
2023-07-13
Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider.
CVSS Score
5.5
EPSS Score
0.018
Published
2023-07-13
Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages.
CVSS Score
5.4
EPSS Score
0.005
Published
2023-07-13
Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts.
CVSS Score
5.4
EPSS Score
0.007
Published
2023-07-13