Security Vulnerabilities - CVEs Published In July 2024
ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-versions-preview-loader.php.
CVSS Score
6.3
EPSS Score
0.002
Published
2024-07-26
ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php
CVSS Score
6.1
EPSS Score
0.001
Published
2024-07-26
ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/terminal-xhr.php
CVSS Score
6.1
EPSS Score
0.001
Published
2024-07-26
txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Prior to version 1.7.0, a Server-Side Request Forgery (SSRF) vulnerability in the `/get` route of txtdot allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network. Version 1.7.0 prevents displaying the response of forged requests, but the requests can still be sent. For complete mitigation, a firewall between txtdot and other internal network resources should be set.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-07-26
txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Starting in version 1.4.0 and prior to version 1.6.1, a Server-Side Request Forgery (SSRF) vulnerability in the `/proxy` route of txtdot allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network. Version 1.6.1 patches the issue.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-07-26
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-07-26
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\firewall-zones\zones-edit-network.php.
CVSS Score
4.7
EPSS Score
0.001
Published
2024-07-26
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-07-26
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. IBM X-Force ID: 297719.
CVSS Score
6.0
EPSS Score
0.002
Published
2024-07-26
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. A local attacker could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system.
Successful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats.
CVSS Score
3.3
EPSS Score
0.0
Published
2024-07-26