Security Vulnerabilities - CVEs Published In August 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known.
CVSS Score
5.3
EPSS Score
0.0
Published
2023-08-03
A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235963. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
4.3
EPSS Score
0.253
Published
2023-08-03
A broken access control was found allowing for privileged escalation of the operator account to gain
administrator privileges.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-08-03
Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials
that are used in the integration interface towards 3rd party systems.
CVSS Score
8.4
EPSS Score
0.001
Published
2023-08-03
Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator
credentials allowing the configuration of the application.
CVSS Score
8.4
EPSS Score
0.001
Published
2023-08-03
User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for
arbitrary code execution.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-08-03
Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-08-03
Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-08-03
A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
4.3
EPSS Score
0.069
Published
2023-08-03
A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
4.3
EPSS Score
0.203
Published
2023-08-03