Security Vulnerabilities - CVEs Published In August 2023
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
CVSS Score
6.8
EPSS Score
0.001
Published
2023-08-18
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-08-18
Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks.
CVSS Score
8.8
EPSS Score
0.031
Published
2023-08-18
A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237517 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
6.3
EPSS Score
0.049
Published
2023-08-18
A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237518 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
7.3
EPSS Score
0.92
Published
2023-08-18
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spiffy Plugins Spiffy Calendar plugin <= 4.9.3 versions.
CVSS Score
5.8
EPSS Score
0.001
Published
2023-08-18
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-08-18
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6.3 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-08-18
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6.3 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-08-18
A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237515. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
6.3
EPSS Score
0.011
Published
2023-08-18