Security Vulnerabilities - CVEs Published In August 2024
A reflected cross-site scripting (XSS) vulnerability exists in user/login.php at line 24 in ZZCMS 2023 and earlier. The application directly inserts the value of the HTTP_REFERER header into the HTML response without proper sanitization. An attacker can exploit this vulnerability by tricking a user into visiting a specially crafted URL, which includes a malicious Referer header. This can lead to the execution of arbitrary JavaScript code in the context of the victim's browser, potentially resulting in session hijacking, defacement, or other malicious activities.
CVSS Score: 4.7 | EPSS Score: 0.003 | Published: 2024-08-16
An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. Due to insufficient validation and sanitization of user input for file paths, an attacker can exploit this vulnerability by using directory traversal techniques to delete arbitrary files on the server. This can lead to the deletion of critical files, potentially disrupting the normal operation of the system.
CVSS Score: 4.9 | EPSS Score: 0.013 | Published: 2024-08-16
Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2024-08-16
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS Score: 5.8 | EPSS Score: 0.009 | Published: 2024-08-16
IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. This information could be used in further attacks against the system. IBM X-Force ID: 272201.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2024-08-16
An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function.
CVSS Score: 6.5 | EPSS Score: 0.176 | Published: 2024-08-16
An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.
CVSS Score: 9.8 | EPSS Score: 0.394 | Published: 2024-08-16
IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 do not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources, at the privilege level of a standard unprivileged user. IBM X-Force ID: 228570.
CVSS Score: 7.3 | EPSS Score: 0.004 | Published: 2024-08-16
H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2024-08-16
H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2024-08-16
Shodan ® - All rights reserved