Security Vulnerabilities - CVEs Published In December 2023
A reflected XSS vulnerability was discovered in the Proforms Basic component for Joomla.
CVSS Score
6.1
EPSS Score
0.006
Published
2023-12-14
A reflected XSS vulnerability was discovered in the Quickform component for Joomla.
CVSS Score
6.1
EPSS Score
0.006
Published
2023-12-14
A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla.
CVSS Score
6.1
EPSS Score
0.006
Published
2023-12-14
A reflected XSS vulnerability was discovered in the Clicky Analytics Dashboard module for Joomla.
CVSS Score
6.1
EPSS Score
0.006
Published
2023-12-14
A reflected XSS vulnerability was discovered in the Easy Quick Contact module for Joomla.
CVSS Score
6.1
EPSS Score
0.006
Published
2023-12-14
There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.
CVSS Score
8.4
EPSS Score
0.003
Published
2023-12-14
There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack.
CVSS Score
6.5
EPSS Score
0.003
Published
2023-12-14
There is a buffer overflow vulnerability in some ZTE mobile internet producsts. Due to insufficient validation of tcp port parameter, an authenticated attacker could use the vulnerability to perform a denial of service attack.
CVSS Score
5.9
EPSS Score
0.002
Published
2023-12-14
In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.
CVSS Score
4.2
EPSS Score
0.002
Published
2023-12-14
Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php.
CVSS Score
9.8
EPSS Score
0.624
Published
2023-12-14