Security Vulnerabilities - CVEs Published In July 2023
The Export All URLs WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVSS Score
6.1
EPSS Score
0.001
Published
2023-07-10
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.
In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks.
This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10
CVSS Score
5.0
EPSS Score
0.001
Published
2023-07-10
Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Potent Donations for WooCommerce plugin <= 1.1.9 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-07-10
Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the add course section.
CVSS Score
4.8
EPSS Score
0.001
Published
2023-07-10
Cross-Site Request Forgery (CSRF) vulnerability in Albert Peschar WebwinkelKeur plugin <= 3.24 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-07-10
Sourcecodester Online Pizza Ordering System v1.0 has a Cross-site scripting (XSS) vulnerability in "/admin/index.php?page=categories" Category item.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-07-10
Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability.
CVSS Score
9.8
EPSS Score
0.011
Published
2023-07-10
KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability in the Description box of the Light App creation feature. An attacker can exploit this vulnerability by injecting XSS syntax into the Description field.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-07-10
Cross-Site Request Forgery (CSRF) vulnerability in Deepak Anand WP Dummy Content Generator plugin <= 2.3.0 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-07-10
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID:
253361
.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-07-10