Security Vulnerabilities - CVEs Published In September 2018
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call.
CVSS Score
7.5
EPSS Score
0.007
Published
2018-09-17
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-09-17
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.
CVSS Score
5.3
EPSS Score
0.026
Published
2018-09-17
zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-09-17
Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 presentations but has SE_DEBUG_PRIVILEGE on Windows, which might allow attackers to bypass intended access restrictions.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-09-17
The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field.
CVSS Score
5.4
EPSS Score
0.001
Published
2018-09-17
UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type.
CVSS Score
8.8
EPSS Score
0.039
Published
2018-09-17
The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php.
CVSS Score
5.4
EPSS Score
0.001
Published
2018-09-17
MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field.
CVSS Score
4.9
EPSS Score
0.002
Published
2018-09-17
PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header.
CVSS Score
5.4
EPSS Score
0.003
Published
2018-09-17

