Security Vulnerabilities - CVEs Published In August 2019
django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-08-23

DfE School Experience before v16333-GA has XSS via a teacher training URL.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-08-23

Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-08-23

openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2019-08-23

openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2019-08-23

openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-08-23

openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2019-08-23

openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2019-08-23

The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers.
CVSS Score: 5.3 | EPSS Score: 0.05 | Published: 2019-08-23

Former before 4.2.1 has XSS via a checkbox value.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-08-23


Shodan ® - All rights reserved