Security Vulnerabilities - CVEs Published In September 2023
A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notification.message parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-09-01
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange YourMembership Single Sign On – YM SSO Login plugin <= 1.1.3 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-09-01
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Artem Abramovich Art Decoration Shortcode plugin <= 1.5.6 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-09-01
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dharmesh Patel Post List With Featured Image plugin <= 1.2 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-09-01
An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-09-01
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ShopConstruct plugin <= 1.1.2 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-09-01
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chop-Chop Coming Soon Chop Chop plugin <= 2.2.4 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-09-01
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-09-01
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the configured URL in the Sentry error tracking settings page. This was as a result of an incomplete fix for CVE-2022-4365.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-09-01
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-09-01