Security Vulnerabilities - CVEs Published In September 2019
WordPress before 5.2.3 allows XSS in stored comments.
CVSS Score: 6.1 | EPSS Score: 0.011 | Published: 2019-09-11

WordPress before 5.2.3 allows XSS in shortcode previews.
CVSS Score: 6.1 | EPSS Score: 0.022 | Published: 2019-09-11

In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash.
CVSS Score: 6.1 | EPSS Score: 0.007 | Published: 2019-09-11

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account.
CVSS Score: 7.5 | EPSS Score: 0.097 | Published: 2019-09-11

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2019-09-11

In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2019-09-11

Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character for a comment. For example, a Move module author can enter the // sequence (which introduces a single-line comment), followed by very brief comment text, the \r character, and code that has security-critical functionality. In many popular environments, this code is displayed on a separate line, and thus a reader may infer that the code is executed. However, the code is NOT executed, because language/compiler/ir_to_bytecode/src/parser.rs allows the comment to continue after the \r character.
CVSS Score: 5.7 | EPSS Score: 0.002 | Published: 2019-09-11

TTLock devices do not properly block guest access in certain situations where the network connection to the cloud is unavailable.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2019-09-10

TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names.
CVSS Score: 8.1 | EPSS Score: 0.004 | Published: 2019-09-10
HTTP cookie issue in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61 and 9.62; Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61 and 9.62; and Micro Focus Service Manager Chat Service, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61 and 9.62.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2019-09-10
Shodan ® - All rights reserved