Security Vulnerabilities - CVEs Published In August 2019
CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-08-15
Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-08-15
Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-08-15
Prospecta Master Data Online (MDO) 2.0 has Stored XSS.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-08-15
Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-08-15
The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-15
The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-08-15
wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.
CVSS Score
8.8
EPSS Score
0.017
Published
2019-08-15
The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter.
CVSS Score
6.1
EPSS Score
0.009
Published
2019-08-15
A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php.
CVSS Score
9.8
EPSS Score
0.03
Published
2019-08-15