Security Vulnerabilities
- CVEs Published In September 2019
An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area.
App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring.
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information by sending a specially crafted URL. This can allow the attacker to view any file in a certain directory. IBM X-Force ID: 164364.
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626.
The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS.
The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection.
The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection.
The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection.
The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS.
The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload.