Security Vulnerabilities
- CVEs Published In December 2023
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows Stored XSS. This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 8.0.6.
SQL injection vulnerability in SunnyToo sturls before version 1.1.13 allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and StUrls::getInstanceId methods.
URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro.
Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.
SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6 allows attackers to escalate privileges and obtain sensitive information via the component BaVideoTabSaveVideoModuleFrontController::run().
SQLi vulnerability in S5 Register module for Joomla.
SQLi vulnerability in Starshop component for Joomla.
A reflected XSS vulnerability was discovered in the LivingWord component for Joomla.
A reflected XSS vulnerability was discovered in the Extplorer component for Joomla.
SQLi vulnerability in LMS Lite component for Joomla.
Unauthenticated LFI/SSRF in JCDashboards component for Joomla.