Security Vulnerabilities - CVEs Published In August 2019
cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229).
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2019-08-05
cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232).
CVSS Score: 6.3 | EPSS Score: 0.008 | Published: 2019-08-05
The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2019-08-05
In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call.
CVSS Score: 4.9 | EPSS Score: 0.005 | Published: 2019-08-05
In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9.
CVSS Score: 8.8 | EPSS Score: 0.0 | Published: 2019-08-05
pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-08-03
Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as demonstrated by a cross-origin /install request with an attacker-controlled releaseUrl, which triggers download and execution of code within a ZIP archive.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2019-08-03
A reflected cross-site scripting vulnerability exists on the customer cart checkout page of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by sending a victim a crafted URL that results in malicious JavaScript execution in the victim's browser.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-08-02
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify store currency options to inject malicious JavaScript.
CVSS Score: 4.8 | EPSS Score: 0.001 | Published: 2019-08-02
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates.
CVSS Score: 7.2 | EPSS Score: 0.009 | Published: 2019-08-02

