Security Vulnerabilities - CVEs Published In August 2019
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine.
CVSS Score: 6.1 | EPSS Score: 0.02 | Published: 2019-08-27

In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form.
CVSS Score: 6.1 | EPSS Score: 0.043 | Published: 2019-08-27

In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface.
CVSS Score: 6.1 | EPSS Score: 0.043 | Published: 2019-08-27

In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp.
CVSS Score: 4.3 | EPSS Score: 0.041 | Published: 2019-08-27

The ultimate-faqs plugin before 1.8.22 for WordPress has XSS.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-08-27

The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-08-27

The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2019-08-27

The rsvpmaker plugin before 6.2 for WordPress has SQL injection.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2019-08-27

The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-ajax.php?action=bulk_action_listener remote code execution.
CVSS Score: 8.8 | EPSS Score: 0.11 | Published: 2019-08-27

The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-08-27

