Security Vulnerabilities - CVEs Published In July 2024
Improper Neutralization of Input During Web Page Generation vulnerability in Stackposts Social Marketing Tool allows Cross-site Scripting (XSS) attack. By submitting the payload in the username during registration, it can be executed later in the application panel. This could lead to the unauthorised acquisition of information (e.g. cookies from a logged-in user). After multiple attempts to contact the vendor we did not receive any answer. Our team has confirmed the existence of this vulnerability. We suppose this issue affects Social Marketing Tool in all versions.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-07-30
SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS Score
9.8
EPSS Score
0.001
Published
2024-07-30
A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /Script/admin/core/update_policy of the component Edit Insurance Policy Page. The manipulation of the argument pname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272805 was assigned to this vulnerability.
CVSS Score
3.5
EPSS Score
0.0
Published
2024-07-30
A vulnerability was found in SourceCodester Medicine Tracker System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /classes/Users.php?f=save_user of the component Password Change Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272806 is the identifier assigned to this vulnerability.
CVSS Score
4.3
EPSS Score
0.0
Published
2024-07-30
Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVSS Score
6.1
EPSS Score
0.001
Published
2024-07-30
Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score
5.4
EPSS Score
0.001
Published
2024-07-30
Matrix Tafnit v8
-
CWE-204: Observable Response Discrepancy
CVSS Score
5.3
EPSS Score
0.002
Published
2024-07-30
Matrix Tafnit v8
-
CWE-646: Reliance on File Name or Extension of Externally-Supplied File
CVSS Score
5.5
EPSS Score
0.001
Published
2024-07-30
Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge
any token to log in any user.
Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token.
This issue affects Apache SeaTunnel: 1.0.0.
Users are recommended to upgrade to version 1.0.1, which fixes the issue.
CVSS Score
9.1
EPSS Score
0.004
Published
2024-07-30
Matrix Tafnit v8
- CWE-552: Files or Directories Accessible to External Parties
CVSS Score
7.5
EPSS Score
0.002
Published
2024-07-30