Security Vulnerabilities - CVEs Published In July 2023
Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to execute arbitrary code.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-07-06
SQL Injection vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to gain sensitive information.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-07-06
SQL Injection vulnerability in textMessage parameter in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine v.1.0, allows attackers to gain sensitive information.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-07-06
Cross Site Scripting (XSS) vulnerability in username field in /WebContent/WEB-INF/lib/chatbox.jsp in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-07-06
Novu provides an API for sending notifications through multiple channels. Versions prior to 0.16.0 contain an open redirect vulnerability in the "Sign In with GitHub" functionality of Novu's open-source repository. It could have allowed an attacker to force a victim into opening a malicious URL and thus, potentially log into the repository under the victim's account gaining full control of the account. This vulnerability only affected the Novu Cloud and Open-Source deployments if the user manually enabled the GitHub OAuth on their self-hosted instance of Novu. Users should upgrade to version 0.16.0 to receive a patch.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-07-06
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.
CVSS Score
8.8
EPSS Score
0.626
Published
2023-07-06
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the gre_ip and the gre_mask variables.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-07-06
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the username and the password variables.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-07-06
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_remote variable.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-07-06
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_virtual_ip and the local_virtual_mask variables.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-07-06