Security Vulnerabilities - CVEs Published In November 2023
An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user.
See product Instruction Manual Appendix A dated 20230830 for more details.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-11-30
An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication.
See product Instruction Manual Appendix A dated 20230830 for more details.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-30
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim's system.
See product Instruction Manual Appendix A dated 20230830 for more details.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-11-30
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoundCloud Inc. SoundCloud Shortcode allows Stored XSS.This issue affects SoundCloud Shortcode: from n/a through 3.1.0.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-11-30
An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior.
See product Instruction Manual Appendix A dated 20230830 for more details.
CVSS Score
4.0
EPSS Score
0.001
Published
2023-11-30
An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user.
See product Instruction Manual Appendix A dated 20230830 for more details.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-11-30
The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route.
CVSS Score
8.6
EPSS Score
0.846
Published
2023-11-30
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin allows Reflected XSS.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.4.3.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-11-30
Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin – NextGEN Gallery: from n/a through 3.37.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-11-30
Cross-Site Request Forgery (CSRF) vulnerability in Wap Nepal Delete Post Revisions In WordPress allows Cross Site Request Forgery.This issue affects Delete Post Revisions In WordPress: from n/a through 4.6.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-11-30