Security Vulnerabilities - CVEs Published In November 2023
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Reflected XSS.This issue affects Tainacan: from n/a through 0.20.4.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-11-30
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS.This issue affects myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin: from n/a through 2.6.1.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-11-30
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS.This issue affects wpForo Forum: from n/a through 2.2.3.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-11-30
Cross-Site Request Forgery (CSRF) vulnerability in Perfmatters allows Cross Site Request Forgery.This issue affects Perfmatters: from n/a through 2.1.6.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-11-30
An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication.
See product Instruction Manual Appendix A dated 20230830 for more details.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-11-30
An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time.
See product Instruction Manual Appendix A dated 20230830 for more details.
CVSS Score
4.5
EPSS Score
0.003
Published
2023-11-30
An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and locking out services.
See product Instruction Manual Appendix A dated 20230830 for more details.
CVSS Score
4.5
EPSS Score
0.003
Published
2023-11-30
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold - Responsive Multi-Purpose Theme allows Reflected XSS.This issue affects Enfold - Responsive Multi-Purpose Theme: from n/a through 5.6.4.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-11-30
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond, AndreSC Q2W3 Post Order allows Reflected XSS.This issue affects Q2W3 Post Order: from n/a through 1.2.8.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-11-30
An Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user.
See product Instruction Manual Appendix A dated 20230830 for more details.
CVSS Score
4.3
EPSS Score
0.003
Published
2023-11-30