Security Vulnerabilities - CVEs Published In August 2023
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
CVSS Score
9.8
EPSS Score
0.94
Published
2023-08-01
LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-01
LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-01
In PowerShell App Deployment Toolkit (aka PSAppDeployToolkit) through 3.8.0, an incorrect access control vulnerability in the default configuration may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-08-01
HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulnerability. An attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.
CVSS Score
8.3
EPSS Score
0.002
Published
2023-08-01
Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-08-01
OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-08-01
Page 248