Security Vulnerabilities - CVEs Published In August 2019
Various Lexmark products have Incorrect Access Control (issue 1 of 2).
CVSS Score: 5.3
EPSS Score: 0.002
Published: 2019-08-28
Various Lexmark products have Incorrect Access Control.
CVSS Score: 9.1
EPSS Score: 0.003
Published: 2019-08-28
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.
CVSS Score: 4.8
EPSS Score: 0.006
Published: 2019-08-28
Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2019-08-28
The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2019-08-28
WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2019-08-28
Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2019-08-28
PayPal Pro Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2019-08-28
Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2019-08-28
Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2019-08-28

