Security Vulnerabilities - CVEs Published In September 2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Beplus Sermon'e – Sermons Online plugin <= 1.0.0 versions.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-09-27
Unauth. Cross-Site Scripting (XSS) vulnerability in TravelMap plugin <= 1.0.1 versions.
CVSS Score
5.8
EPSS Score
0.002
Published
2023-09-27
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Restrict plugin <= 2.2.4 versions.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-09-27
MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Metersphere is using a weak password by default, attackers can login to vnc and obtain high permissions. This issue has been addressed in version 2.10.7 LTS. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
4.6
EPSS Score
0.001
Published
2023-09-27
Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this vulnerability may cause malicious apps to run continuously in the background.
CVSS Score
3.3
EPSS Score
0.0
Published
2023-09-27
Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatically.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-09-27
Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause several apps to be activated automatically.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-09-27
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL injection. This injection can be use to takeover an administrator account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.
CVSS Score
8.1
EPSS Score
0.007
Published
2023-09-27
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive fields values on resources on which he has read access. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.
CVSS Score
4.9
EPSS Score
0.003
Published
2023-09-27
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A user with write access to another user can make requests to change the latter's password and then take control of their account. Users are advised to upgrade to version 10.0.10. There are no known work around for this vulnerability.
CVSS Score
4.9
EPSS Score
0.002
Published
2023-09-27