Latest vulnerabilities of Monday, November 20, 2023 + weekend


Last update performed on 11/20/2023 at 11:57:03 PM

(9) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : hq.dhs.gov

Vulnerability ID : CVE-2023-35762

First published on : 20-11-2023 17:15:13
Last modified on : 20-11-2023 19:18:51

Description :
Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system (OS) command injection, which could allow remote code execution.

CVE ID : CVE-2023-35762
Source : ics-cert@hq.dhs.gov
CVSS Score : 9.9

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-02 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-29155

First published on : 20-11-2023 17:15:13
Last modified on : 20-11-2023 19:18:51

Description :
Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system.

CVE ID : CVE-2023-29155
Source : ics-cert@hq.dhs.gov
CVSS Score : 9.8

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-02 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-287


Source : adobe.com

Vulnerability ID : CVE-2023-44324

First published on : 17-11-2023 13:15:08
Last modified on : 17-11-2023 13:58:53

Description :
Adobe FrameMaker versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An unauthenticated attacker can abuse this vulnerability to access the API and leak the default admin's password. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-44324
Source : psirt@adobe.com
CVSS Score : 9.8

References :
https://helpx.adobe.com/security/products/framemaker/apsb23-58.html | source : psirt@adobe.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-44350

First published on : 17-11-2023 14:15:21
Last modified on : 17-11-2023 17:28:23

Description :
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-44350
Source : psirt@adobe.com
CVSS Score : 9.8

References :
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | source : psirt@adobe.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-44351

First published on : 17-11-2023 14:15:21
Last modified on : 17-11-2023 17:28:23

Description :
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-44351
Source : psirt@adobe.com
CVSS Score : 9.8

References :
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | source : psirt@adobe.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-44353

First published on : 17-11-2023 14:15:21
Last modified on : 17-11-2023 17:28:23

Description :
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-44353
Source : psirt@adobe.com
CVSS Score : 9.8

References :
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | source : psirt@adobe.com

Vulnerability : CWE-502


Source : liferay.com

Vulnerability ID : CVE-2023-47797

First published on : 17-11-2023 06:15:34
Last modified on : 17-11-2023 13:59:04

Description :
Reflected cross-site scripting (XSS) vulnerability on a content page's edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter.

CVE ID : CVE-2023-47797
Source : security@liferay.com
CVSS Score : 9.6

References :
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47797 | source : security@liferay.com

Vulnerability : CWE-79


Source : github.com

Vulnerability ID : CVE-2023-48292

First published on : 20-11-2023 18:15:07
Last modified on : 20-11-2023 19:18:51

Description :
The XWiki Admin Tools Application provides tools to help the administration of XWiki. Starting in version 4.4 and prior to version 4.5.1, a cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands by tricking an admin into loading the URL with the shell command. A very simple possibility for an attack are comments. When the attacker can leave a comment on any page in the wiki it is sufficient to include an image with a URL like `/xwiki/bin/view/Admin/RunShellCommand?command=touch%20/tmp/attacked` in the comment. When an admin views the comment, the file `/tmp/attacked` will be created on the server. The output of the command is also vulnerable to XWiki syntax injection which offers a simple way to execute Groovy in the context of the XWiki installation and thus an even easier way to compromise the integrity and confidentiality of the whole XWiki installation. This has been patched by adding a form token check in version 4.5.1 of the admin tools. Some workarounds are available. The patch can be applied manually to the affected wiki pages. Alternatively, the document `Admin.RunShellCommand` can also be deleted if the possibility to run shell commands isn't needed.

CVE ID : CVE-2023-48292
Source : security-advisories@github.com
CVSS Score : 9.6

References :
https://github.com/xwiki-contrib/application-admintools/commit/03815c505c9f37006a0c56495e862dc549a39da8 | source : security-advisories@github.com
https://github.com/xwiki-contrib/application-admintools/security/advisories/GHSA-8jpr-ff92-hpf9 | source : security-advisories@github.com
https://jira.xwiki.org/browse/ADMINTOOL-91 | source : security-advisories@github.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-48240

First published on : 20-11-2023 18:15:07
Last modified on : 20-11-2023 19:18:51

Description :
XWiki Platform is a generic wiki platform. The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki requests all embedded images on the server side. These requests are also sent for images from other domains and include all cookies that were sent in the original request to ensure that images with restricted view right can be compared. Starting in version 11.10.1 and prior to versions 14.10.15, 15.5.1, and 15.6, this allows an attacker to steal login and session cookies that allow impersonating the current user who views the diff. The attack can be triggered with an image that references the rendered diff, thus making it easy to trigger. Apart from stealing login cookies, this also allows server-side request forgery (the result of any successful request is returned in the image's source) and viewing protected content as once a resource is cached, it is returned for all users. As only successful requests are cached, the cache will be filled by the first user who is allowed to access the resource. This has been patched in XWiki 14.10.15, 15.5.1 and 15.6. The rendered diff now only downloads images from trusted domains. Further, cookies are only sent when the image's domain is the same as the requested domain. The cache has been changed to be specific for each user. As a workaround, the image embedding feature can be disabled by deleting `xwiki-platform-diff-xml-<version>.jar` in `WEB-INF/lib/`.

CVE ID : CVE-2023-48240
Source : security-advisories@github.com
CVSS Score : 9.0

References :
https://github.com/xwiki/xwiki-platform/commit/bff0203e739b6e3eb90af5736f04278c73c2a8bb | source : security-advisories@github.com
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7rfg-6273-f5wp | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-20818 | source : security-advisories@github.com

Vulnerability : CWE-201
Vulnerability : CWE-281
Vulnerability : CWE-918


(26) HIGH VULNERABILITIES [7.0, 8.9]

Source : wordfence.com

Vulnerability ID : CVE-2023-6196

First published on : 20-11-2023 15:15:09
Last modified on : 20-11-2023 19:18:51

Description :
The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audio_merchant_add_audio_file function. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-6196
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/browser/audio-merchant/trunk/audio-merchant.php#L1298 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/06513dfe-f263-48b7-ba01-2c205247095b?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-4214

First published on : 18-11-2023 02:15:49
Last modified on : 18-11-2023 04:19:44

Description :
The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit.

CVE ID : CVE-2023-4214
Source : security@wordfence.com
CVSS Score : 8.1

References :
https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_API_Limit.php?rev=2997182 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_WPAPI_Mods.php#L567 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2997160/apppresser | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/4c44c36a-c4c7-49c2-b750-1589e7840dde?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6187

First published on : 18-11-2023 02:15:49
Last modified on : 18-11-2023 04:19:44

Description :
The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber privileges or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if 2Checkout (deprecated since version 2.6) or PayPal Express is set as the payment method and a custom user field is added that is only visible at profile, and not visible at checkout according to its settings.

CVE ID : CVE-2023-6187
Source : security@wordfence.com
CVSS Score : 7.5

References :
https://plugins.trac.wordpress.org/browser/paid-memberships-pro/tags/2.12.3/includes/fields.php#L564 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2997319/paid-memberships-pro/tags/2.12.4/includes/fields.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2997319/paid-memberships-pro/tags/2.12.4/includes/functions.php | source : security@wordfence.com
https://www.paidmembershipspro.com/pmpro-update-2-12-4/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/5979f2eb-2ca8-4b06-814c-c4236bb81af0?source=cve | source : security@wordfence.com


Source : github.com

Vulnerability ID : CVE-2023-48293

First published on : 20-11-2023 19:15:08
Last modified on : 20-11-2023 19:18:46

Description :
The XWiki Admin Tools Application provides tools to help the administration of XWiki. Prior to version 4.5.1, a cross-site request forgery vulnerability in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. Among other things, this allows modifying and deleting all data of the wiki. This could be both used to damage the wiki and to create an account with elevated privileges for the attacker, thus impacting the confidentiality, integrity and availability of the whole XWiki instance. A possible attack vector are comments on the wiki, by embedding an image with wiki syntax like `[[image:path:/xwiki/bin/view/Admin/QueryOnXWiki?query=DELETE%20FROM%20xwikidoc]]`, all documents would be deleted from the database when an admin user views this comment. This has been patched in Admin Tools Application 4.5.1 by adding form token checks. Some workarounds are available. The patch can also be applied manually to the affected pages. Alternatively, if the query tool is not needed, by deleting the document `Admin.SQLToolsGroovy`, all database query tools can be deactivated.

CVE ID : CVE-2023-48293
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://github.com/xwiki-contrib/application-admintools/commit/45298b4fbcafba6914537dcdd798a1e1385f9e46 | source : security-advisories@github.com
https://github.com/xwiki-contrib/application-admintools/security/advisories/GHSA-4f4c-rhjv-4wgv | source : security-advisories@github.com
https://jira.xwiki.org/browse/ADMINTOOL-92 | source : security-advisories@github.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-48238

First published on : 17-11-2023 22:15:07
Last modified on : 18-11-2023 04:19:44

Description :
joaquimserafim/json-web-token is a javascript library used to interact with JSON Web Tokens (JWT) which are a compact URL-safe means of representing claims to be transferred between two parties. Affected versions of the json-web-token library are vulnerable to a JWT algorithm confusion attack. On line 86 of the 'index.js' file, the algorithm to use for verifying the signature of the JWT token is taken from the JWT token, which at that point is still unverified and thus shouldn't be trusted. To exploit this vulnerability, an attacker needs to craft a malicious JWT token containing the HS256 algorithm, signed with the public RSA key of the victim application. This attack will only work against this library if the RS256 algorithm is in use, however it is a best practice to use that algorithm.

CVE ID : CVE-2023-48238
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/joaquimserafim/json-web-token/security/advisories/GHSA-4xw9-cx39-r355 | source : security-advisories@github.com

Vulnerability : CWE-345


Vulnerability ID : CVE-2023-48241

First published on : 20-11-2023 18:15:07
Last modified on : 20-11-2023 19:18:51

Description :
XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 14.10.15, 15.5.1, and 15.6RC1, the Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki (but not some protected information like password hashes). While there is a right check normally, the right check can be circumvented by explicitly requesting fields from Solr that don't include the data for the right check. This has been fixed in XWiki 15.6RC1, 15.5.1 and 14.10.15 by not listing documents whose rights cannot be checked. No known workarounds are available.

CVE ID : CVE-2023-48241
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/xwiki/xwiki-platform/commit/93b8ec702d7075f0f5794bb05dfb651382596764 | source : security-advisories@github.com
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7fqr-97j7-jgf4 | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-21138 | source : security-advisories@github.com

Vulnerability : CWE-285


Vulnerability ID : CVE-2023-48221

First published on : 20-11-2023 18:15:06
Last modified on : 20-11-2023 19:18:51

Description :
wire-avs provides Audio, Visual, and Signaling (AVS) functionality for the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 9.2.22 & 9.3.5 and is already included on all Wire products. No known workarounds are available.

CVE ID : CVE-2023-48221
Source : security-advisories@github.com
CVSS Score : 7.3

References :
https://github.com/wireapp/wire-avs/commit/364c3326a1331a84607bce2e17126306d39150cd | source : security-advisories@github.com
https://github.com/wireapp/wire-avs/security/advisories/GHSA-m4xg-fcr3-w3pq | source : security-advisories@github.com

Vulnerability : CWE-134


Source : openharmony.io

Vulnerability ID : CVE-2023-43612

First published on : 20-11-2023 12:15:08
Last modified on : 20-11-2023 15:04:56

Description :
in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions.

CVE ID : CVE-2023-43612
Source : scy@openharmony.io
CVSS Score : 8.4

References :
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md | source : scy@openharmony.io

Vulnerability : CWE-281


Vulnerability ID : CVE-2023-3116

First published on : 20-11-2023 12:15:07
Last modified on : 20-11-2023 15:04:56

Description :
in OpenHarmony v3.2.2 and prior versions allow a local attacker to get confidential information or rewrite sensitive files through incorrect default permissions.

CVE ID : CVE-2023-3116
Source : scy@openharmony.io
CVSS Score : 7.3

References :
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md | source : scy@openharmony.io

Vulnerability : CWE-276


Source : us.ibm.com

Vulnerability ID : CVE-2023-40363

First published on : 18-11-2023 18:15:08
Last modified on : 20-11-2023 00:02:59

Description :
IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. IBM X-Force ID: 263332.

CVE ID : CVE-2023-40363
Source : psirt@us.ibm.com
CVSS Score : 8.1

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/263332 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7070742 | source : psirt@us.ibm.com


Source : trellix.com

Vulnerability ID : CVE-2023-5444

First published on : 17-11-2023 10:15:07
Last modified on : 17-11-2023 13:58:53

Description :
A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. This impacts the dashboard area of the user interface. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.

CVE ID : CVE-2023-5444
Source : trellixpsirt@trellix.com
CVSS Score : 8.0

References :
https://kcm.trellix.com/agent/index?page=content&id=SB10410 | source : trellixpsirt@trellix.com

Vulnerability : CWE-352


Source : adobe.com

Vulnerability ID : CVE-2023-47066

First published on : 17-11-2023 11:15:07
Last modified on : 17-11-2023 13:58:53

Description :
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47066
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-47067

First published on : 17-11-2023 11:15:07
Last modified on : 17-11-2023 13:58:53

Description :
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47067
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-47068

First published on : 17-11-2023 11:15:07
Last modified on : 17-11-2023 13:58:53

Description :
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47068
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-47069

First published on : 17-11-2023 11:15:08
Last modified on : 17-11-2023 13:58:53

Description :
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47069
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-47070

First published on : 17-11-2023 11:15:08
Last modified on : 17-11-2023 13:58:53

Description :
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47070
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | source : psirt@adobe.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-47073

First published on : 17-11-2023 11:15:09
Last modified on : 17-11-2023 13:58:53

Description :
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47073
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | source : psirt@adobe.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-22272

First published on : 17-11-2023 13:15:07
Last modified on : 17-11-2023 13:58:53

Description :
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-22272
Source : psirt@adobe.com
CVSS Score : 7.5

References :
https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html | source : psirt@adobe.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-22274

First published on : 17-11-2023 13:15:08
Last modified on : 17-11-2023 13:58:53

Description :
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-22274
Source : psirt@adobe.com
CVSS Score : 7.5

References :
https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html | source : psirt@adobe.com

Vulnerability : CWE-611


Vulnerability ID : CVE-2023-22275

First published on : 17-11-2023 13:15:08
Last modified on : 17-11-2023 13:58:53

Description :
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-22275
Source : psirt@adobe.com
CVSS Score : 7.5

References :
https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html | source : psirt@adobe.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-26347

First published on : 17-11-2023 14:15:20
Last modified on : 17-11-2023 17:28:23

Description :
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-26347
Source : psirt@adobe.com
CVSS Score : 7.5

References :
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | source : psirt@adobe.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-22273

First published on : 17-11-2023 13:15:08
Last modified on : 17-11-2023 13:58:53

Description :
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-22273
Source : psirt@adobe.com
CVSS Score : 7.2

References :
https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html | source : psirt@adobe.com

Vulnerability : CWE-22


Source : honeywell.com

Vulnerability ID : CVE-2023-6179

First published on : 17-11-2023 17:15:08
Last modified on : 17-11-2023 17:28:23

Description :
Honeywell ProWatch, 4.5, including all Service Pack versions, contains a vulnerability in Application Server's executable folder(s). An attacker could potentially exploit this vulnerability, leading to a standard user having arbitrary system code execution. Honeywell recommends updating to the most recent version of this product, service or offering (Pro-watch 6.0.2, 6.0, 5.5.2, 5.0.5).

CVE ID : CVE-2023-6179
Source : psirt@honeywell.com
CVSS Score : 7.8

References :
https://buildings.honeywell.com/us/en/brands/our-brands/security/support-and-resources/product-resources/eol-and-security-notices | source : psirt@honeywell.com
https://www.honeywell.com/us/en/product-security | source : psirt@honeywell.com

Vulnerability : CWE-732


Source : zyxel.com.tw

Vulnerability ID : CVE-2023-5593

First published on : 20-11-2023 12:15:09
Last modified on : 20-11-2023 15:04:56

Description :
The out-of-bounds write vulnerability in the Windows-based SecuExtender SSL VPN Client software version 4.0.4.0 could allow an authenticated local user to gain a privilege escalation by sending a crafted CREATE message.

CVE ID : CVE-2023-5593
Source : security@zyxel.com.tw
CVSS Score : 7.8

References :
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-out-of-bounds-write-vulnerability-in-secuextender-ssl-vpn-client-software | source : security@zyxel.com.tw

Vulnerability : CWE-787


Source : hq.dhs.gov

Vulnerability ID : CVE-2021-22636

First published on : 20-11-2023 19:15:08
Last modified on : 20-11-2023 19:18:51

Description :
Texas Instruments TI-RTOS, when configured to use HeapMem heap (default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMem_allocUnprotected' and result in code execution.

CVE ID : CVE-2021-22636
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.4

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 | source : ics-cert@hq.dhs.gov
https://www.ti.com/tool/TI-RTOS-MCU | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-190


Vulnerability ID : CVE-2021-27429

First published on : 20-11-2023 19:15:08
Last modified on : 20-11-2023 19:18:51

Description :
Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in 'HeapTrack_alloc' and result in code execution.

CVE ID : CVE-2021-27429
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.4

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 | source : ics-cert@hq.dhs.gov
https://www.ti.com/tool/TI-RTOS-MCU | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-190


(56) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : tenable.com

Vulnerability ID : CVE-2023-6062

First published on : 20-11-2023 21:15:08
Last modified on : 20-11-2023 21:15:08

Description :
An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition.

CVE ID : CVE-2023-6062
Source : vulnreport@tenable.com
CVSS Score : 6.8

References :
https://www.tenable.com/security/tns-2023-39 | source : vulnreport@tenable.com
https://www.tenable.com/security/tns-2023-40 | source : vulnreport@tenable.com


Vulnerability ID : CVE-2023-6178

First published on : 20-11-2023 21:15:08
Last modified on : 20-11-2023 21:15:08

Description :
An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition.

CVE ID : CVE-2023-6178
Source : vulnreport@tenable.com
CVSS Score : 6.8

References :
https://www.tenable.com/security/tns-2023-41 | source : vulnreport@tenable.com


Source : adobe.com

Vulnerability ID : CVE-2023-22268

First published on : 17-11-2023 13:15:07
Last modified on : 17-11-2023 13:58:53

Description :
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by a low-privileged authenticated attacker. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-22268
Source : psirt@adobe.com
CVSS Score : 6.5

References :
https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html | source : psirt@adobe.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-44352

First published on : 17-11-2023 14:15:21
Last modified on : 17-11-2023 17:28:23

Description :
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-44352
Source : psirt@adobe.com
CVSS Score : 6.1

References :
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | source : psirt@adobe.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-44325

First published on : 17-11-2023 09:15:23
Last modified on : 17-11-2023 13:58:59

Description :
Adobe Animate versions 23.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-44325
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/animate/apsb23-61.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-44326

First published on : 17-11-2023 09:15:23
Last modified on : 17-11-2023 13:58:59

Description :
Adobe Dimension versions 3.4.9 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-44326
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/dimension/apsb23-62.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-26364

First published on : 17-11-2023 14:15:21
Last modified on : 17-11-2023 17:28:23

Description :
@adobe/css-tools versions 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges.

CVE ID : CVE-2023-26364
Source : psirt@adobe.com
CVSS Score : 5.3

References :
https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg | source : psirt@adobe.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-44355

First published on : 17-11-2023 14:15:22
Last modified on : 17-11-2023 17:28:23

Description :
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to impact a minor integrity feature. Exploitation of this issue does require user interaction.

CVE ID : CVE-2023-44355
Source : psirt@adobe.com
CVSS Score : 4.3

References :
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | source : psirt@adobe.com

Vulnerability : CWE-20


Source : patchstack.com

Vulnerability ID : CVE-2023-47664

First published on : 18-11-2023 21:15:08
Last modified on : 20-11-2023 00:02:59

Description :
Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview Plainview Protect Passwords. This issue affects Plainview Protect Passwords: from n/a through 1.4.

CVE ID : CVE-2023-47664
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/plainview-protect-passwords/wordpress-plainview-protect-passwords-plugin-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47650

First published on : 18-11-2023 22:15:08
Last modified on : 20-11-2023 00:02:51

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Add Local Avatar. This issue affects Add Local Avatar: from n/a through 12.1.

CVE ID : CVE-2023-47650
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/add-local-avatar/wordpress-add-local-avatar-plugin-12-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-28780

First published on : 18-11-2023 23:15:08
Last modified on : 20-11-2023 00:02:51

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local Premium. This issue affects Yoast Local Premium: from n/a through 14.8.

CVE ID : CVE-2023-28780
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/wpseo-local/wordpress-yoast-seo-local-plugin-14-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47772

First published on : 20-11-2023 15:15:09
Last modified on : 20-11-2023 19:18:54

Description :
Contributor+ Stored Cross-Site Scripting (XSS) vulnerability in Slider Revolution <= 6.6.14.

CVE ID : CVE-2023-47772
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/revslider/wordpress-slider-revolution-plugin-6-6-14-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-47671

First published on : 18-11-2023 21:15:09
Last modified on : 20-11-2023 00:02:59

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy Vertical scroll recent. This issue affects Vertical scroll recent post: from n/a through 14.0.

CVE ID : CVE-2023-47671
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/vertical-scroll-recent-post/wordpress-vertical-scroll-recent-post-plugin-14-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47685

First published on : 18-11-2023 21:15:10
Last modified on : 20-11-2023 00:02:59

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloader Matrix. This issue affects Preloader Matrix: from n/a through 2.0.1.

CVE ID : CVE-2023-47685
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/matrix-pre-loader/wordpress-preloader-matrix-plugin-2-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47243

First published on : 18-11-2023 22:15:07
Last modified on : 20-11-2023 00:02:59

Description :
Cross-Site Request Forgery (CSRF) vulnerability in CodeMShop ???? ????? – MSHOP MY SITE. This issue affects ???? ????? – MSHOP MY SITE: from n/a through 1.1.6.

CVE ID : CVE-2023-47243
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/mshop-mysite/wordpress-mshop-my-site-plugin-1-1-6-broken-access-control-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47551

First published on : 18-11-2023 22:15:07
Last modified on : 20-11-2023 00:02:51

Description :
Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy – Smart Donations. This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12.

CVE ID : CVE-2023-47551
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/smart-donations/wordpress-donations-made-easy-smart-donations-plugin-4-0-12-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47552

First published on : 18-11-2023 22:15:07
Last modified on : 20-11-2023 00:02:51

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Labib Ahmed Image Hover Effects – WordPress Plugin. This issue affects Image Hover Effects – WordPress Plugin: from n/a through 5.5.

CVE ID : CVE-2023-47552
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/image-hover-effects/wordpress-image-hover-effects-plugin-5-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47553

First published on : 18-11-2023 22:15:08
Last modified on : 20-11-2023 00:02:51

Description :
Cross-Site Request Forgery (CSRF) vulnerability in User Local Inc UserHeat Plugin. This issue affects UserHeat Plugin: from n/a through 1.1.6.

CVE ID : CVE-2023-47553
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/userheat/wordpress-userheat-plugin-plugin-1-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47644

First published on : 18-11-2023 22:15:08
Last modified on : 20-11-2023 00:02:51

Description :
Cross-Site Request Forgery (CSRF) vulnerability in profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities. This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.6.6.

CVE ID : CVE-2023-47644
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-6-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47649

First published on : 18-11-2023 22:15:08
Last modified on : 20-11-2023 00:02:51

Description :
Cross-Site Request Forgery (CSRF) vulnerability in PriceListo Best Restaurant Menu by PriceListo. This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.3.1.

CVE ID : CVE-2023-47649
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/best-restaurant-menu-by-pricelisto/wordpress-best-restaurant-menu-by-pricelisto-plugin-1-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47655

First published on : 18-11-2023 22:15:09
Last modified on : 20-11-2023 00:02:51

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi ANAC XML Bandi di Gara. This issue affects ANAC XML Bandi di Gara: from n/a through 7.5.

CVE ID : CVE-2023-47655
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/avcp/wordpress-anac-xml-bandi-di-gara-plugin-7-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-31075

First published on : 18-11-2023 23:15:08
Last modified on : 20-11-2023 00:02:51

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Arshid Easy Hide Login. This issue affects Easy Hide Login: from n/a through 1.0.8.

CVE ID : CVE-2023-31075
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/easy-hide-login/wordpress-easy-hide-login-plugin-1-0-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-32245

First published on : 18-11-2023 23:15:08
Last modified on : 20-11-2023 00:02:51

Description :
Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essential Addons for Elementor Pro. This issue affects Essential Addons for Elementor Pro: from n/a through 5.4.8.

CVE ID : CVE-2023-32245
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/essential-addons-elementor/wordpress-essential-addons-for-elementor-pro-plugin-5-4-8-unauthenticated-server-side-request-forgery-ssrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-32504

First published on : 18-11-2023 23:15:08
Last modified on : 20-11-2023 00:02:51

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Kainex Wise Chat. This issue affects Wise Chat: from n/a through 3.1.3.

CVE ID : CVE-2023-32504
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/wise-chat/wordpress-wise-chat-plugin-3-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-32514

First published on : 18-11-2023 23:15:08
Last modified on : 20-11-2023 00:02:51

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar Google Site Verification plugin using Meta Tag. This issue affects Google Site Verification plugin using Meta Tag: from n/a through 1.2.

CVE ID : CVE-2023-32514
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/google-site-verification-using-meta-tag/wordpress-google-site-verification-plugin-using-meta-tag-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47757

First published on : 17-11-2023 09:15:23
Last modified on : 17-11-2023 13:58:53

Description :
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Forgery. This issue affects AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth: from n/a through 7.3.9.

CVE ID : CVE-2023-47757
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/aweber-web-form-widget/wordpress-aweber-plugin-7-3-9-broken-access-control-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352
Vulnerability : CWE-862


Vulnerability ID : CVE-2023-47666

First published on : 18-11-2023 21:15:09
Last modified on : 20-11-2023 00:02:59

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro Code Snippets. This issue affects Code Snippets: from n/a through 3.5.0.

CVE ID : CVE-2023-47666
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/code-snippets/wordpress-code-snippets-plugin-3-5-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47667

First published on : 18-11-2023 21:15:09
Last modified on : 20-11-2023 00:02:59

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Mammothology WP Full Stripe Free. This issue affects WP Full Stripe Free: from n/a through 1.6.1.

CVE ID : CVE-2023-47667
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wp-full-stripe-free/wordpress-wp-full-stripe-free-plugin-1-6-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47670

First published on : 18-11-2023 21:15:09
Last modified on : 20-11-2023 00:02:59

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Jongmyoung Kim Korea SNS. This issue affects Korea SNS: from n/a through 1.6.3.

CVE ID : CVE-2023-47670
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/korea-sns/wordpress-korea-sns-plugin-1-6-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47672

First published on : 18-11-2023 21:15:09
Last modified on : 20-11-2023 00:02:59

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Swashata WP Category Post List Widget. This issue affects WP Category Post List Widget: from n/a through 2.0.3.

CVE ID : CVE-2023-47672
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wp-category-posts-list/wordpress-wp-category-post-list-widget-plugin-2-0-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47519

First published on : 18-11-2023 22:15:07
Last modified on : 20-11-2023 00:02:51

Description :
Cross-Site Request Forgery (CSRF) vulnerability in WC Product Table WooCommerce Product Table Lite. This issue affects WooCommerce Product Table Lite: from n/a through 2.6.2.

CVE ID : CVE-2023-47519
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wc-product-table-lite/wordpress-woocommerce-product-table-lite-plugin-2-6-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47531

First published on : 18-11-2023 22:15:07
Last modified on : 20-11-2023 00:02:51

Description :
Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Dark Mode. This issue affects Droit Dark Mode: from n/a through 1.1.2.

CVE ID : CVE-2023-47531
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/droit-dark-mode/wordpress-droit-dark-mode-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47556

First published on : 18-11-2023 22:15:08
Last modified on : 20-11-2023 00:02:51

Description :
Cross-Site Request Forgery (CSRF) vulnerability in James Mehorter Device Theme Switcher. This issue affects Device Theme Switcher: from n/a through 3.0.2.

CVE ID : CVE-2023-47556
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/device-theme-switcher/wordpress-plugin-name-device-theme-switcher-plugin-3-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47651

First published on : 18-11-2023 22:15:08
Last modified on : 20-11-2023 00:02:51

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Robert Macchi WP Links Page. This issue affects WP Links Page: from n/a through 4.9.4.

CVE ID : CVE-2023-47651
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wp-links-page/wordpress-wp-links-page-plugin-4-9-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-25985

First published on : 18-11-2023 23:15:07
Last modified on : 20-11-2023 00:02:51

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Tomas | Docs | FAQ | Premium Support WordPress Tooltips. This issue affects WordPress Tooltips: from n/a through 8.2.5.

CVE ID : CVE-2023-25985
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wordpress-tooltips/wordpress-wordpress-tooltips-plugin-8-2-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-31089

First published on : 18-11-2023 23:15:08
Last modified on : 20-11-2023 00:02:51

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Tradebooster Video XML Sitemap Generator. This issue affects Video XML Sitemap Generator: from n/a through 1.0.0.

CVE ID : CVE-2023-31089
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/video-xml-sitemap-generator/wordpress-video-xml-sitemap-generator-plugin-1-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-41129

First published on : 18-11-2023 23:15:09
Last modified on : 20-11-2023 00:02:51

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress. This issue affects Patreon WordPress: from n/a through 1.8.6.

CVE ID : CVE-2023-41129
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/patreon-connect/wordpress-patreon-wordpress-plugin-1-8-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Source : microsoft.com

Vulnerability ID : CVE-2023-36013

First published on : 20-11-2023 16:15:08
Last modified on : 20-11-2023 19:18:51

Description :
PowerShell Information Disclosure Vulnerability

CVE ID : CVE-2023-36013
Source : secure@microsoft.com
CVSS Score : 6.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36013 | source : secure@microsoft.com


Source : github.com

Vulnerability ID : CVE-2023-48295

First published on : 17-11-2023 21:15:07
Last modified on : 18-11-2023 04:19:44

Description :
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been addressed in commit `faf66035ea` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-48295
Source : security-advisories@github.com
CVSS Score : 6.3

References :
https://github.com/librenms/librenms/blob/63eeeb71722237d1461a37bb6da99fda25e02c91/app/Http/Controllers/DeviceGroupController.php#L173C21-L173C21 | source : security-advisories@github.com
https://github.com/librenms/librenms/commit/faf66035ea1f4c1c4f34559b9d0ed40ee4a19f90 | source : security-advisories@github.com
https://github.com/librenms/librenms/security/advisories/GHSA-8phr-637g-pxrg | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-48300

First published on : 20-11-2023 19:15:09
Last modified on : 20-11-2023 19:18:46

Description :
The `Embed Privacy` plugin for WordPress that prevents the loading of embedded external content is vulnerable to Stored Cross-Site Scripting via `embed_privacy_opt_out` shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Version 1.8.1 contains a patch for this issue.

CVE ID : CVE-2023-48300
Source : security-advisories@github.com
CVSS Score : 6.3

References :
https://d.pr/v/ORuIat | source : security-advisories@github.com
https://github.com/epiphyt/embed-privacy/commit/f80929992b2a5a66f4f4953cd6f46cc227154a5c | source : security-advisories@github.com
https://github.com/epiphyt/embed-privacy/issues/199 | source : security-advisories@github.com
https://github.com/epiphyt/embed-privacy/security/advisories/GHSA-3wv9-4rvf-w37g | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-48223

First published on : 20-11-2023 18:15:07
Last modified on : 20-11-2023 19:18:51

Description :
fast-jwt provides a fast JSON Web Token (JWT) implementation. Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. To exploit this vulnerability, an attacker needs to craft a malicious JWT token containing the HS256 algorithm, signed with the public RSA key of the victim application. This attack will only work if the victim application utilizes a public key containing the `BEGIN RSA PUBLIC KEY` header. Applications using the RS256 algorithm, a public key with a `BEGIN RSA PUBLIC KEY` header, and calling the verify function without explicitly providing an algorithm, are vulnerable to this algorithm confusion attack which allows attackers to sign arbitrary payloads which will be accepted by the verifier. Version 3.3.2 contains a patch for this issue. As a workaround, change line 29 of `blob/master/src/crypto.js` to include a regular expression.

CVE ID : CVE-2023-48223
Source : security-advisories@github.com
CVSS Score : 5.9

References :
https://github.com/nearform/fast-jwt/blob/master/src/crypto.js#L29 | source : security-advisories@github.com
https://github.com/nearform/fast-jwt/releases/tag/v3.3.2 | source : security-advisories@github.com
https://github.com/nearform/fast-jwt/security/advisories/GHSA-c2ff-88x2-x9pg | source : security-advisories@github.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-46745

First published on : 17-11-2023 22:15:07
Last modified on : 18-11-2023 04:19:44

Description :
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain access to user accounts. This issue has been addressed in version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-46745
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/librenms/librenms/security/advisories/GHSA-rq42-58qf-v3qx | source : security-advisories@github.com

Vulnerability : CWE-307


Vulnerability ID : CVE-2023-48218

First published on : 20-11-2023 17:15:13
Last modified on : 20-11-2023 19:18:51

Description :
The Strapi Protected Populate Plugin protects `get` endpoints from revealing too much information. Prior to version 1.3.4, users were able to bypass the field level security. Users who tried to populate something that they didn't have access to could populate those fields anyway. This issue has been patched in version 1.3.4. There are no known workarounds.

CVE ID : CVE-2023-48218
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/strapi-community/strapi-plugin-protected-populate/commit/05441066d64e09dd55937d9f089962e9ebe2fb39 | source : security-advisories@github.com
https://github.com/strapi-community/strapi-plugin-protected-populate/releases/tag/v1.3.4 | source : security-advisories@github.com
https://github.com/strapi-community/strapi-plugin-protected-populate/security/advisories/GHSA-6h67-934r-82g7 | source : security-advisories@github.com

Vulnerability : CWE-863


Vulnerability ID : CVE-2023-48309

First published on : 20-11-2023 19:15:09
Last modified on : 20-11-2023 19:18:46

Description :
NextAuth.js provides authentication for Next.js. `next-auth` applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow (state, PKCE or nonce). Manually overriding the `next-auth.session-token` cookie value with this non-related JWT would let the user simulate a logged in user, albeit having no user information associated with it. (The only property on this user is an opaque randomly generated string). This vulnerability does not give access to other users' data, neither to resources that require proper authorization via scopes or other means. The created mock user has no information associated with it (ie. no name, email, access_token, etc.) This vulnerability can be exploited by bad actors to peek at logged in user states (e.g. dashboard layout). `next-auth` `v4.24.5` contains a patch for the vulnerability. As a workaround, using a custom authorization callback for Middleware, developers can manually do a basic authentication.

CVE ID : CVE-2023-48309
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://authjs.dev/guides/basics/role-based-access-control | source : security-advisories@github.com
https://github.com/nextauthjs/next-auth/commit/d237059b6d0cb868c041ba18b698e0cee20a2f10 | source : security-advisories@github.com
https://github.com/nextauthjs/next-auth/security/advisories/GHSA-v64w-49xw-qq89 | source : security-advisories@github.com
https://next-auth.js.org/configuration/nextjs#advanced-usage | source : security-advisories@github.com
https://next-auth.js.org/configuration/nextjs#middlewar | source : security-advisories@github.com

Vulnerability : CWE-285
Vulnerability : CWE-863


Vulnerability ID : CVE-2023-48294

First published on : 17-11-2023 22:15:08
Last modified on : 18-11-2023 04:19:44

Description :
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access graphs generated on the particular Device. This request can be accessed by a low privilege user and they can enumerate devices on librenms with their id or hostname. Leveraging this vulnerability a low privilege user can see all devices registered by admin users. This vulnerability has been addressed in commit `489978a923` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-48294
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2 | source : security-advisories@github.com
https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf | source : security-advisories@github.com
https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4 | source : security-advisories@github.com

Vulnerability : CWE-200


Source : redhat.com

Vulnerability ID : CVE-2023-5341

First published on : 19-11-2023 10:15:49
Last modified on : 20-11-2023 00:02:51

Description :
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.

CVE ID : CVE-2023-5341
Source : secalert@redhat.com
CVSS Score : 6.2

References :
https://access.redhat.com/security/cve/CVE-2023-5341 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2241774 | source : secalert@redhat.com
https://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1 | source : secalert@redhat.com

Vulnerability : CWE-416


Source : openharmony.io

Vulnerability ID : CVE-2023-42774

First published on : 20-11-2023 12:15:08
Last modified on : 20-11-2023 15:04:56

Description :
OpenHarmony v3.2.2 and prior versions allow a local attacker to get confidential information through incorrect default permissions.

CVE ID : CVE-2023-42774
Source : scy@openharmony.io
CVSS Score : 6.2

References :
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md | source : scy@openharmony.io

Vulnerability : CWE-276


Vulnerability ID : CVE-2023-46100

First published on : 20-11-2023 12:15:08
Last modified on : 20-11-2023 15:04:56

Description :
OpenHarmony v3.2.2 and prior versions allow a local attacker to get sensitive buffer information through use of an uninitialized resource.

CVE ID : CVE-2023-46100
Source : scy@openharmony.io
CVSS Score : 6.2

References :
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md | source : scy@openharmony.io

Vulnerability : CWE-908


Vulnerability ID : CVE-2023-46705

First published on : 20-11-2023 12:15:08
Last modified on : 20-11-2023 15:04:56

Description :
OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a system information leak through type confusion.

CVE ID : CVE-2023-46705
Source : scy@openharmony.io
CVSS Score : 6.2

References :
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md | source : scy@openharmony.io

Vulnerability : CWE-843


Vulnerability ID : CVE-2023-6045

First published on : 20-11-2023 12:15:09
Last modified on : 20-11-2023 15:04:56

Description :
OpenHarmony v3.2.2 and prior versions allow a local attacker to execute arbitrary code in pre-installed apps through type confusion.

CVE ID : CVE-2023-6045
Source : scy@openharmony.io
CVSS Score : 5.9

References :
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md | source : scy@openharmony.io

Vulnerability : CWE-843


Vulnerability ID : CVE-2023-47217

First published on : 20-11-2023 12:15:08
Last modified on : 20-11-2023 15:04:56

Description :
OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a DoS through a buffer overflow.

CVE ID : CVE-2023-47217
Source : scy@openharmony.io
CVSS Score : 4.0

References :
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md | source : scy@openharmony.io

Vulnerability : CWE-120


Source : us.ibm.com

Vulnerability ID : CVE-2023-38361

First published on : 18-11-2023 18:15:07
Last modified on : 20-11-2023 00:02:59

Description :
IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 260770.

CVE ID : CVE-2023-38361
Source : psirt@us.ibm.com
CVSS Score : 5.9

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/260770 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7066431 | source : psirt@us.ibm.com

Vulnerability : CWE-327


Source : trellix.com

Vulnerability ID : CVE-2023-5445

First published on : 17-11-2023 10:15:08
Last modified on : 17-11-2023 13:58:53

Description :
An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low-privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logged into ePO to trigger this vulnerability. To exploit this, the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.

CVE ID : CVE-2023-5445
Source : trellixpsirt@trellix.com
CVSS Score : 5.4

References :
https://kcm.trellix.com/corporate/index?page=content&id=SB10410 | source : trellixpsirt@trellix.com

Vulnerability : CWE-601


Source : wordfence.com

Vulnerability ID : CVE-2023-6197

First published on : 20-11-2023 15:15:10
Last modified on : 20-11-2023 19:18:51

Description :
The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audio_merchant_save_settings function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-6197
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/browser/audio-merchant/trunk/audio-merchant.php#L951 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d7911337-57fa-4268-8366-d37ff13fae86?source=cve | source : security@wordfence.com


Source : cert.vde.com

Vulnerability ID : CVE-2023-3379

First published on : 20-11-2023 08:15:44
Last modified on : 20-11-2023 15:04:56

Description :
Wago web-based management of multiple products has a vulnerability which allows a local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.

CVE ID : CVE-2023-3379
Source : info@cert.vde.com
CVSS Score : 5.3

References :
https://cert.vde.com/en/advisories/VDE-2023-015/ | source : info@cert.vde.com

Vulnerability : CWE-269


Source : vuldb.com

Vulnerability ID : CVE-2023-6188

First published on : 17-11-2023 18:15:07
Last modified on : 18-11-2023 04:19:44

Description :
A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-245735.

CVE ID : CVE-2023-6188
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1352 | source : cna@vuldb.com
https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1358 | source : cna@vuldb.com
https://vuldb.com/?ctiid.245735 | source : cna@vuldb.com
https://vuldb.com/?id.245735 | source : cna@vuldb.com

Vulnerability : CWE-94


(3) LOW VULNERABILITIES [0.1, 3.9]

Source : mitre.org

Vulnerability ID : CVE-2023-48649

First published on : 17-11-2023 04:15:07
Last modified on : 17-11-2023 13:59:04

Description :
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name.

CVE ID : CVE-2023-48649
Source : cve@mitre.org
CVSS Score : 3.5

References :
https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes | source : cve@mitre.org
https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes | source : cve@mitre.org
https://github.com/concretecms/concretecms/pull/11695 | source : cve@mitre.org
https://github.com/concretecms/concretecms/pull/11739 | source : cve@mitre.org
https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release | source : cve@mitre.org


Source : adobe.com

Vulnerability ID : CVE-2023-47071

First published on : 17-11-2023 11:15:08
Last modified on : 17-11-2023 13:58:53

Description :
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47071
Source : psirt@adobe.com
CVSS Score : 3.3

References :
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-47072

First published on : 17-11-2023 11:15:08
Last modified on : 17-11-2023 13:58:53

Description :
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-47072
Source : psirt@adobe.com
CVSS Score : 3.3

References :
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | source : psirt@adobe.com

Vulnerability : CWE-824


(88) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-48078

First published on : 17-11-2023 00:15:08
Last modified on : 17-11-2023 13:59:04

Description :
SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter.

CVE ID : CVE-2023-48078
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/esasadam06/Simple-CRUD-Functionality-SQLi-POC | source : cve@mitre.org


Vulnerability ID : CVE-2023-45382

First published on : 17-11-2023 02:15:26
Last modified on : 17-11-2023 13:59:04

Description :
In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.

CVE ID : CVE-2023-45382
Source : cve@mitre.org
CVSS Score : /

References :
https://common-services.com/fr/home-fr/ | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2023/11/16/sonice_retour.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-45387

First published on : 17-11-2023 02:15:26
Last modified on : 17-11-2023 13:59:04

Description :
In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb()`.

CVE ID : CVE-2023-45387
Source : cve@mitre.org
CVSS Score : /

References :
https://addons.prestashop.com/en/data-import-export/18662-product-catalog-csv-excel-xml-export-pro.html | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2023/11/16/exportproducts.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-48031

First published on : 17-11-2023 02:15:26
Last modified on : 17-11-2023 13:59:04

Description :
OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim's station via a crafted file upload operation.

CVE ID : CVE-2023-48031
Source : cve@mitre.org
CVSS Score : /

References :
https://bugplorer.github.io/cve-opensupports/ | source : cve@mitre.org
https://nitipoom-jar.github.io/CVE-2023-48031/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-48648

First published on : 17-11-2023 04:15:07
Last modified on : 17-11-2023 13:59:04

Description :
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) give universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified.

CVE ID : CVE-2023-48648
Source : cve@mitre.org
CVSS Score : /

References :
https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes | source : cve@mitre.org
https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes | source : cve@mitre.org
https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release | source : cve@mitre.org


Vulnerability ID : CVE-2023-48655

First published on : 17-11-2023 05:15:12
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters.

CVE ID : CVE-2023-48655
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MISP/MISP/commit/158c8b2f788b75e0d26e9249a75e1be291e59d4b | source : cve@mitre.org
https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48656

First published on : 17-11-2023 05:15:12
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.

CVE ID : CVE-2023-48656
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074 | source : cve@mitre.org
https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48657

First published on : 17-11-2023 05:15:12
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.

CVE ID : CVE-2023-48657
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc | source : cve@mitre.org
https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48658

First published on : 17-11-2023 05:15:12
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.

CVE ID : CVE-2023-48658
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d | source : cve@mitre.org
https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48659

First published on : 17-11-2023 05:15:12
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.

CVE ID : CVE-2023-48659
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MISP/MISP/commit/37ecf81b84a01baa4d4b1fade4de94a9018c32ed | source : cve@mitre.org
https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38313

First published on : 17-11-2023 06:15:33
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in OpenNDS Captive Portal before 10.1.2. It has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set.

CVE ID : CVE-2023-38313
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openNDS/openNDS/releases/tag/v10.1.2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38314

First published on : 17-11-2023 06:15:33
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated() that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition).

CVE ID : CVE-2023-38314
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openNDS/openNDS/releases/tag/v10.1.2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38315

First published on : 17-11-2023 06:15:33
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client token query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition).

CVE ID : CVE-2023-38315
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openNDS/openNDS/releases/tag/v10.1.2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38316

First published on : 17-11-2023 06:15:33
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests.

CVE ID : CVE-2023-38316
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openNDS/openNDS/releases/tag/v10.1.2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38320

First published on : 17-11-2023 06:15:33
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing User-Agent header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition).

CVE ID : CVE-2023-38320
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openNDS/openNDS/releases/tag/v10.1.2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38322

First published on : 17-11-2023 06:15:33
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set.

CVE ID : CVE-2023-38322
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openNDS/openNDS/releases/tag/v10.1.2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38324

First published on : 17-11-2023 06:15:33
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It allows users to skip the splash page sequence when it is using the default FAS key and when OpenNDS is configured as FAS (default).

CVE ID : CVE-2023-38324
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openNDS/openNDS/releases/tag/v10.1.2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-41101

First published on : 17-11-2023 06:15:34
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in http_microhttpd.c does not validate the length of the query string of GET requests. This leads to a stack-based buffer overflow in versions 9.x and earlier, and to a heap-based buffer overflow in versions 10.x and later. Attackers may exploit the issue to crash OpenNDS (Denial-of-Service condition) or to inject and execute arbitrary bytecode (Remote Code Execution).

CVE ID : CVE-2023-41101
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openNDS/openNDS/commit/c294cf30e0a2512062c66e6becb674557b4aed8d | source : cve@mitre.org
https://github.com/openNDS/openNDS/releases/tag/v10.1.3 | source : cve@mitre.org


Vulnerability ID : CVE-2023-41102

First published on : 17-11-2023 06:15:34
Last modified on : 17-11-2023 13:58:59

Description :
An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory.

CVE ID : CVE-2023-41102
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openNDS/openNDS/commit/31dbf4aa069c5bb39a7926d86036ce3b04312b51 | source : cve@mitre.org
https://github.com/openNDS/openNDS/releases/tag/v10.1.3 | source : cve@mitre.org


Vulnerability ID : CVE-2020-11447

First published on : 17-11-2023 12:15:06
Last modified on : 17-11-2023 13:58:53

Description :
An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number is intended to prove an actor's physical access to the device.

CVE ID : CVE-2020-11447
Source : cve@mitre.org
CVSS Score : /

References :
https://0xem.ma/posts/HH3K-CVE/ | source : cve@mitre.org
https://support.bell.ca/Internet/Connection-help/Access_control_in_the_Home_Hub_modems | source : cve@mitre.org


Vulnerability ID : CVE-2020-11448

First published on : 17-11-2023 12:15:07
Last modified on : 17-11-2023 13:58:53

Description :
An issue was discovered on Bell HomeHub 3000 SG48222070 devices. There is XSS related to the email field and the login page.

CVE ID : CVE-2020-11448
Source : cve@mitre.org
CVSS Score : /

References :
https://0xem.ma/posts/HH3K-CVE/ | source : cve@mitre.org
https://support.bell.ca/Internet/Connection-help/Access_control_in_the_Home_Hub_modems | source : cve@mitre.org


Vulnerability ID : CVE-2023-48029

First published on : 17-11-2023 13:15:09
Last modified on : 17-11-2023 13:58:53

Description :
Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer.

CVE ID : CVE-2023-48029
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/bugplorer/09d312373066a3b72996ebd76a7a23a5 | source : cve@mitre.org
https://nitipoom-jar.github.io/CVE-2023-48029/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-48024

First published on : 17-11-2023 17:15:07
Last modified on : 17-11-2023 17:28:23

Description :
Liblisp through commit 4c65969 was discovered to contain a use-after-free vulnerability in void hash_destroy(hash_table_t *h) at hash.c.

CVE ID : CVE-2023-48024
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/howerj/liblisp/issues/1 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48025

First published on : 17-11-2023 17:15:07
Last modified on : 17-11-2023 17:28:23

Description :
Liblisp through commit 4c65969 was discovered to contain an out-of-bounds read vulnerability in unsigned get_length(lisp_cell_t * x) at eval.c.

CVE ID : CVE-2023-48025
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/howerj/liblisp/issues/1 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48185

First published on : 17-11-2023 18:15:07
Last modified on : 18-11-2023 04:19:44

Description :
Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.295 allows a remote attacker to obtain sensitive information via a crafted GET request.

CVE ID : CVE-2023-48185
Source : cve@mitre.org
CVSS Score : /

References :
https://forum.terra-master.com/cn/viewtopic.php?f=100&t=3842&p=17623#p | source : cve@mitre.org
https://forum.terra-master.com/cn/viewtopic.php?f=100&t=3842&p=17623#p17623 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43177

First published on : 18-11-2023 00:15:07
Last modified on : 18-11-2023 04:19:44

Description :
CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.

CVE ID : CVE-2023-43177
Source : cve@mitre.org
CVSS Score : /

References :
https://convergetp.com/2023/11/16/crushftp-zero-day-cve-2023-43177-discovered/ | source : cve@mitre.org
https://github.com/the-emmons/CVE-Disclosures/blob/main/Pending/CrushFTP-2023-1.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-44796

First published on : 18-11-2023 00:15:07
Last modified on : 18-11-2023 04:19:44

Description :
Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component.

CVE ID : CVE-2023-44796
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Hebing123/CVE-2023-44796/issues/1 | source : cve@mitre.org
https://github.com/LimeSurvey/LimeSurvey/pull/3483 | source : cve@mitre.org
https://github.com/limesurvey/limesurvey/commit/135511073c51c332613dd7fad9a8ca0aad34a3fe | source : cve@mitre.org


Vulnerability ID : CVE-2023-46402

First published on : 18-11-2023 00:15:07
Last modified on : 18-11-2023 04:19:44

Description :
git-urls version 1.0.1 is vulnerable to ReDOS (Regular Expression Denial of Service) in Go package.

CVE ID : CVE-2023-46402
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/6en6ar/7c2424c93e7fbf2b6fc44e7fb9acb95d | source : cve@mitre.org


Vulnerability ID : CVE-2023-48028

First published on : 18-11-2023 00:15:07
Last modified on : 18-11-2023 04:19:44

Description :
kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack.

CVE ID : CVE-2023-48028
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/bugplorer/9ae8ad7a9f2a3053ebd07a1b7b54deae | source : cve@mitre.org
https://nitipoom-jar.github.io/CVE-2023-48028/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-48017

First published on : 18-11-2023 02:15:47
Last modified on : 18-11-2023 04:19:44

Description :
Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management.

CVE ID : CVE-2023-48017
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/moonsabc123/dreamer_cms/blob/main/Add%20permissions%20to%20CSRF%20in%20Permission%20Management.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-40809

First published on : 18-11-2023 04:15:07
Last modified on : 18-11-2023 04:19:44

Description :
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number.

CVE ID : CVE-2023-40809
Source : cve@mitre.org
CVSS Score : /

References :
https://www.esecforte.com/cve-2023-40809-html-injection-search/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-40810

First published on : 18-11-2023 04:15:07
Last modified on : 18-11-2023 04:19:44

Description :
OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field.

CVE ID : CVE-2023-40810
Source : cve@mitre.org
CVSS Score : /

References :
https://www.esecforte.com/cve-2023-40810-html-injection-product-creation/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-40812

First published on : 18-11-2023 04:15:07
Last modified on : 18-11-2023 04:19:44

Description :
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field.

CVE ID : CVE-2023-40812
Source : cve@mitre.org
CVSS Score : /

References :
https://www.esecforte.com/cve-2023-40812-html-injection-accounts-group/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-40813

First published on : 18-11-2023 04:15:07
Last modified on : 18-11-2023 04:19:44

Description :
OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation.

CVE ID : CVE-2023-40813
Source : cve@mitre.org
CVSS Score : /

References :
https://www.esecforte.com/cve-2023-40813-html-injection-saved-search/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-40814

First published on : 18-11-2023 04:15:07
Last modified on : 18-11-2023 04:19:44

Description :
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field.

CVE ID : CVE-2023-40814
Source : cve@mitre.org
CVSS Score : /

References :
https://www.esecforte.com/cve-2023-40814-html-injection-accounts/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-40815

First published on : 18-11-2023 04:15:07
Last modified on : 18-11-2023 04:19:44

Description :
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field.

CVE ID : CVE-2023-40815
Source : cve@mitre.org
CVSS Score : /

References :
https://www.esecforte.com/cve-2023-40815-html-injection-category/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-40816

First published on : 18-11-2023 04:15:07
Last modified on : 18-11-2023 04:19:44

Description :
OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field.

CVE ID : CVE-2023-40816
Source : cve@mitre.org
CVSS Score : /

References :
https://www.esecforte.com/cve-2023-40816-html-injection-activity-milestone/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-40817

First published on : 18-11-2023 04:15:07
Last modified on : 18-11-2023 04:19:44

Description :
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field.

CVE ID : CVE-2023-40817
Source : cve@mitre.org
CVSS Score : /

References :
https://www.esecforte.com/cve-2023-40817-html-injection-product-configuration/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-48736

First published on : 18-11-2023 19:15:07
Last modified on : 20-11-2023 00:02:59

Description :
In International Color Consortium DemoIccMAX 3e7948b, CIccCLUT::Interp2d in IccTagLut.cpp in libSampleICC.a has an out-of-bounds read.

CVE ID : CVE-2023-48736
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/InternationalColorConsortium/DemoIccMAX/pull/58 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48039

First published on : 20-11-2023 15:15:09
Last modified on : 20-11-2023 19:18:51

Description :
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75.

CVE ID : CVE-2023-48039
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/gpac/gpac/issues/2679 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48090

First published on : 20-11-2023 15:15:09
Last modified on : 20-11-2023 19:18:51

Description :
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329.

CVE ID : CVE-2023-48090
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/gpac/gpac/issues/2680 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38879

First published on : 20-11-2023 19:15:08
Last modified on : 20-11-2023 19:18:51

Description :
The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'.

CVE ID : CVE-2023-38879
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/OS4ED/openSIS-Classic | source : cve@mitre.org
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38879 | source : cve@mitre.org
https://www.os4ed.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38880

First published on : 20-11-2023 19:15:08
Last modified on : 20-11-2023 19:18:51

Description :
The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisBackup<date>.sql" (e.g. "opensisBackup07-20-2023.sql"), i.e. can easily be guessed. This file can be accessed by any unauthenticated actor and contains a dump of the whole database including password hashes.

CVE ID : CVE-2023-38880
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/OS4ED/openSIS-Classic | source : cve@mitre.org
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38880 | source : cve@mitre.org
https://www.os4ed.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38881

First published on : 20-11-2023 19:15:08
Last modified on : 20-11-2023 19:18:51

Description :
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendar_id', 'school_date', 'month' or 'year' parameters in 'CalendarModal.php'.

CVE ID : CVE-2023-38881
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/OS4ED/openSIS-Classic | source : cve@mitre.org
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38881 | source : cve@mitre.org
https://www.os4ed.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38882

First published on : 20-11-2023 19:15:08
Last modified on : 20-11-2023 19:18:51

Description :
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'include' parameter in 'ForExport.php'

CVE ID : CVE-2023-38882
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/OS4ED/openSIS-Classic | source : cve@mitre.org
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38882 | source : cve@mitre.org
https://www.os4ed.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38883

First published on : 20-11-2023 19:15:08
Last modified on : 20-11-2023 19:18:51

Description :
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'.

CVE ID : CVE-2023-38883
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/OS4ED/openSIS-Classic | source : cve@mitre.org
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38883 | source : cve@mitre.org
https://www.os4ed.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38884

First published on : 20-11-2023 19:15:08
Last modified on : 20-11-2023 19:18:46

Description :
An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>'

CVE ID : CVE-2023-38884
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/OS4ED/openSIS-Classic | source : cve@mitre.org
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38884 | source : cve@mitre.org
https://www.os4ed.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38885

First published on : 20-11-2023 19:15:08
Last modified on : 20-11-2023 19:18:46

Description :
OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request.

CVE ID : CVE-2023-38885
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/OS4ED/openSIS-Classic | source : cve@mitre.org
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38885 | source : cve@mitre.org
https://www.os4ed.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38823

First published on : 20-11-2023 20:15:07
Last modified on : 20-11-2023 20:15:07

Description :
Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd.

CVE ID : CVE-2023-38823
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/nhtri2003gmail/CVE_report/blob/master/CVE-2023-38823.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-46990

First published on : 20-11-2023 20:15:07
Last modified on : 20-11-2023 20:15:07

Description :
Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function.

CVE ID : CVE-2023-46990
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sanluan/PublicCMS/issues/76#issue-1960443408 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47417

First published on : 20-11-2023 20:15:07
Last modified on : 20-11-2023 20:15:07

Description :
Cross Site Scripting (XSS) vulnerability in the component /shells/embedder.html of DZSlides after v2011.07.25 allows attackers to execute arbitrary code via a crafted payload.

CVE ID : CVE-2023-47417
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/cd80/5b7702ffbfc8531f30b56356a4a7f4dd | source : cve@mitre.org
https://github.com/paulrouget/dzslides | source : cve@mitre.org


Vulnerability ID : CVE-2023-48109

First published on : 20-11-2023 20:15:07
Last modified on : 20-11-2023 20:15:07

Description :
Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the deviceId parameter in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) attack.

CVE ID : CVE-2023-48109
Source : cve@mitre.org
CVSS Score : /

References :
http://tjr181.com/index.php/archives/13/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-48110

First published on : 20-11-2023 20:15:07
Last modified on : 20-11-2023 20:15:07

Description :
Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the urls parameter in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) attack.

CVE ID : CVE-2023-48110
Source : cve@mitre.org
CVSS Score : /

References :
http://tjr181.com/index.php/archives/13/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-48111

First published on : 20-11-2023 20:15:07
Last modified on : 20-11-2023 20:15:07

Description :
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) attack.

CVE ID : CVE-2023-48111
Source : cve@mitre.org
CVSS Score : /

References :
http://tjr181.com/index.php/archives/13/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46470

First published on : 20-11-2023 21:15:08
Last modified on : 20-11-2023 21:15:08

Description :
Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via crafted telecommand in the timeline view of the ArchiveBrowser.

CVE ID : CVE-2023-46470
Source : cve@mitre.org
CVSS Score : /

References :
https://www.linkedin.com/pulse/more-xss-clickjacking-yamcs-v586-visionspace-technologies-uvevf | source : cve@mitre.org


Vulnerability ID : CVE-2023-46471

First published on : 20-11-2023 21:15:08
Last modified on : 20-11-2023 21:15:08

Description :
Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via the text variable scriptContainer of the ScriptViewer.

CVE ID : CVE-2023-46471
Source : cve@mitre.org
CVSS Score : /

References :
https://www.linkedin.com/pulse/more-xss-clickjacking-yamcs-v586-visionspace-technologies-uvevf | source : cve@mitre.org


Vulnerability ID : CVE-2023-47172

First published on : 20-11-2023 21:15:08
Last modified on : 20-11-2023 21:15:08

Description :
Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, and WithSecure Elements Endpoint Protection 17 and later.

CVE ID : CVE-2023-47172
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories/cve-2023-47172 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47311

First published on : 20-11-2023 21:15:08
Last modified on : 20-11-2023 21:15:08

Description :
An issue in Yamcs 5.8.6 allows attackers to send arbitrary telecommands in a Command Stack via Clickjacking.

CVE ID : CVE-2023-47311
Source : cve@mitre.org
CVSS Score : /

References :
https://www.linkedin.com/pulse/more-xss-clickjacking-yamcs-v586-visionspace-technologies-uvevf | source : cve@mitre.org


Vulnerability ID : CVE-2023-48176

First published on : 20-11-2023 22:15:07
Last modified on : 20-11-2023 22:15:07

Description :
An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via crafted jwt (JSON web token).

CVE ID : CVE-2023-48176
Source : cve@mitre.org
CVSS Score : /

References :
https://prairie-steed-4d7.notion.site/WebsiteGuide-vulnerability-analysis-33a701c4fbf24555bffde17da0c73d8d?pvs=4 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48192

First published on : 20-11-2023 22:15:07
Last modified on : 20-11-2023 22:15:07

Description :
An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function.

CVE ID : CVE-2023-48192
Source : cve@mitre.org
CVSS Score : /

References :
http://totolink.com | source : cve@mitre.org
https://github.com/zxsssd/TotoLink- | source : cve@mitre.org
https://www.totolink.net/ | source : cve@mitre.org


Source : jpcert.or.jp

Vulnerability ID : CVE-2023-38130

First published on : 17-11-2023 05:15:12
Last modified on : 17-11-2023 13:59:04

Description :
Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system.

CVE ID : CVE-2023-38130
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/ | source : vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN22220399/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-42428

First published on : 17-11-2023 05:15:12
Last modified on : 17-11-2023 13:59:04

Description :
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system.

CVE ID : CVE-2023-42428
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/ | source : vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN22220399/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-47283

First published on : 17-11-2023 05:15:12
Last modified on : 17-11-2023 13:59:04

Description :
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system.

CVE ID : CVE-2023-47283
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/ | source : vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN22220399/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-47675

First published on : 17-11-2023 05:15:12
Last modified on : 17-11-2023 13:59:04

Description :
CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.

CVE ID : CVE-2023-47675
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/ | source : vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN22220399/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-46700

First published on : 20-11-2023 05:15:08
Last modified on : 20-11-2023 15:04:56

Description :
SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request, and obtain or alter information stored in the database.

CVE ID : CVE-2023-46700
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN15005948/ | source : vultures@jpcert.or.jp
https://www.luxsoft.eu/ | source : vultures@jpcert.or.jp
https://www.luxsoft.eu/?download | source : vultures@jpcert.or.jp
https://www.luxsoft.eu/lcforum/viewtopic.php?id=476 | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2023-47175

First published on : 20-11-2023 05:15:08
Last modified on : 20-11-2023 15:04:56

Description :
Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the product.

CVE ID : CVE-2023-47175
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN15005948/ | source : vultures@jpcert.or.jp
https://www.luxsoft.eu/ | source : vultures@jpcert.or.jp
https://www.luxsoft.eu/?download | source : vultures@jpcert.or.jp
https://www.luxsoft.eu/lcforum/viewtopic.php?id=476 | source : vultures@jpcert.or.jp


Source : cyber.jp.nec.com

Vulnerability ID : CVE-2023-39544

First published on : 17-11-2023 06:15:33
Last modified on : 17-11-2023 13:58:59

Description :
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allows an attacker to log in to the product may execute an arbitrary command.

CVE ID : CVE-2023-39544
Source : psirt-info@cyber.jp.nec.com
CVSS Score : /

References :
https://jpn.nec.com/security-info/secinfo/nv23-009_en.html | source : psirt-info@cyber.jp.nec.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-39545

First published on : 17-11-2023 06:15:33
Last modified on : 17-11-2023 13:58:59

Description :
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allows an attacker to log in to the product may execute an arbitrary command.

CVE ID : CVE-2023-39545
Source : psirt-info@cyber.jp.nec.com
CVSS Score : /

References :
https://jpn.nec.com/security-info/secinfo/nv23-009_en.html | source : psirt-info@cyber.jp.nec.com

Vulnerability : CWE-552


Vulnerability ID : CVE-2023-39546

First published on : 17-11-2023 06:15:33
Last modified on : 17-11-2023 13:58:59

Description :
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allows an attacker to log in to the product may execute an arbitrary command.

CVE ID : CVE-2023-39546
Source : psirt-info@cyber.jp.nec.com
CVSS Score : /

References :
https://jpn.nec.com/security-info/secinfo/nv23-009_en.html | source : psirt-info@cyber.jp.nec.com

Vulnerability : CWE-836


Vulnerability ID : CVE-2023-39547

First published on : 17-11-2023 06:15:34
Last modified on : 17-11-2023 13:58:59

Description :
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allows an attacker to log in to the product may execute an arbitrary command.

CVE ID : CVE-2023-39547
Source : psirt-info@cyber.jp.nec.com
CVSS Score : /

References :
https://jpn.nec.com/security-info/secinfo/nv23-009_en.html | source : psirt-info@cyber.jp.nec.com

Vulnerability : CWE-294


Vulnerability ID : CVE-2023-39548

First published on : 17-11-2023 06:15:34
Last modified on : 17-11-2023 13:59:04

Description :
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allows an attacker to log in to the product may execute an arbitrary command.

CVE ID : CVE-2023-39548
Source : psirt-info@cyber.jp.nec.com
CVSS Score : /

References :
https://jpn.nec.com/security-info/secinfo/nv23-009_en.html | source : psirt-info@cyber.jp.nec.com

Vulnerability : CWE-434


Source : apache.org

Vulnerability ID : CVE-2022-46337

First published on : 20-11-2023 09:15:07
Last modified on : 20-11-2023 15:04:56

Description :
A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was visible to and executable by the account which booted the Derby server. In LDAP-protected databases which weren't also protected by SQL GRANT/REVOKE authorization, this vulnerability could also let an attacker view and corrupt sensitive data and run sensitive database functions and procedures. Mitigation: Users should upgrade to Java 21 and Derby 10.17.1.0. Alternatively, users who wish to remain on older Java versions should build their own Derby distribution from one of the release families to which the fix was backported: 10.16, 10.15, and 10.14. Those are the releases which correspond, respectively, with Java LTS versions 17, 11, and 8.

CVE ID : CVE-2022-46337
Source : security@apache.org
CVSS Score : /

References :
https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3 | source : security@apache.org


Vulnerability ID : CVE-2023-46302

First published on : 20-11-2023 09:15:07
Last modified on : 20-11-2023 15:04:56

Description :
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests (using application/yaml content-type), it defines a YamlEntityProvider entity provider that will process all incoming YAML requests. In order to unmarshal the request, the readFrom method is invoked, passing the entityStream containing the user-supplied data in `submarine-server/server-core/src/main/java/org/apache/submarine/server/utils/YamlUtils.java`. We have now fixed this issue in the new version by replacing to `jackson-dataformat-yaml`. This issue affects Apache Submarine: from 0.7.0 before 0.8.0. Users are recommended to upgrade to version 0.8.0, which fixes this issue. If using the version smaller than 0.8.0 and not want to upgrade, you can try cherry-pick PR https://github.com/apache/submarine/pull/1054 and rebuild the submart-server image to fix this.

CVE ID : CVE-2023-46302
Source : security@apache.org
CVSS Score : /

References :
https://github.com/apache/submarine/pull/1054 | source : security@apache.org
https://issues.apache.org/jira/browse/SUBMARINE-1371 | source : security@apache.org
https://lists.apache.org/thread/zf0wppzh239j4h131hm1dbswfnztxrr5 | source : security@apache.org

Vulnerability : CWE-502


Source : wpscan.com

Vulnerability ID : CVE-2023-4799

First published on : 20-11-2023 19:15:09
Last modified on : 20-11-2023 19:18:46

Description :
The Magic Embeds WordPress plugin through 3.0.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE ID : CVE-2023-4799
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/04c71873-5ae7-4f94-8ba9-03e03ff55180 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-4808

First published on : 20-11-2023 19:15:09
Last modified on : 20-11-2023 19:18:46

Description :
The WP Post Popup WordPress plugin through 3.7.3 does not sanitise and escape some of its inputs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE ID : CVE-2023-4808
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/bb8e9f06-477b-4da3-b5a6-4f06084ecd57 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-4824

First published on : 20-11-2023 19:15:09
Last modified on : 20-11-2023 19:18:46

Description :
The WooHoo Newspaper Magazine theme does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CVE ID : CVE-2023-4824
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/71c616ff-0a7e-4f6d-950b-79c469a28263 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-4970

First published on : 20-11-2023 19:15:09
Last modified on : 20-11-2023 19:18:46

Description :
The PubyDoc WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

CVE ID : CVE-2023-4970
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/845bbfdd-fe9f-487c-91a0-5fe10403d8a2 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5119

First published on : 20-11-2023 19:15:09
Last modified on : 20-11-2023 19:18:46

Description :
The Forminator WordPress plugin before 1.27.0 does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).

CVE ID : CVE-2023-5119
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/229207bb-8f8d-4579-a8e2-54516474ccb4 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5140

First published on : 20-11-2023 19:15:09
Last modified on : 20-11-2023 19:18:46

Description :
The Bonus for Woo WordPress plugin before 5.8.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CVE ID : CVE-2023-5140
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/ee1824e8-09a6-4763-b65e-03701dc3e171 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5340

First published on : 20-11-2023 19:15:09
Last modified on : 20-11-2023 19:18:46

Description :
The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog.

CVE ID : CVE-2023-5340
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/91a5847a-62e7-4b98-a554-5eecb6a06e5b | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5343

First published on : 20-11-2023 19:15:09
Last modified on : 20-11-2023 19:18:46

Description :
The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

CVE ID : CVE-2023-5343
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/74613b38-48f2-43d5-bae5-25c89ba7db6e | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5509

First published on : 20-11-2023 19:15:09
Last modified on : 20-11-2023 19:18:46

Description :
The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions.

CVE ID : CVE-2023-5509
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/3b33c262-e7f0-4310-b26d-4727d7c25c9d | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5609

First published on : 20-11-2023 19:15:09
Last modified on : 20-11-2023 19:18:46

Description :
The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVE ID : CVE-2023-5609
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/aac4bcc8-b826-4165-aed3-f422dd178692 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5610

First published on : 20-11-2023 19:15:09
Last modified on : 20-11-2023 19:18:46

Description :
The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect

CVE ID : CVE-2023-5610
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/e880a9fb-b089-4f98-9781-7d946f22777e | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5640

First published on : 20-11-2023 19:15:09
Last modified on : 20-11-2023 19:18:46

Description :
The Article Analytics WordPress plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection vulnerability.

CVE ID : CVE-2023-5640
Source : contact@wpscan.com
CVSS Score : /

References :
https://devl00p.github.io/posts/Injection-SQL-dans-le-plugin-Wordpress-Article-Analytics/ | source : contact@wpscan.com
https://wpscan.com/vulnerability/9a383ef5-0f1a-4894-8f78-845abcb5062d | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5651

First published on : 20-11-2023 19:15:09
Last modified on : 20-11-2023 19:18:46

Description :
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts

CVE ID : CVE-2023-5651
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/a365c050-96ae-4266-aa87-850ee259ee2c | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5652

First published on : 20-11-2023 19:15:10
Last modified on : 20-11-2023 19:18:46

Description :
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admin_init, allowing unauthenticated users to perform SQL injections

CVE ID : CVE-2023-5652
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/8ea46b9a-5239-476b-949d-49546371eac1 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5799

First published on : 20-11-2023 19:15:10
Last modified on : 20-11-2023 19:18:46

Description :
The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do not belong to them.

CVE ID : CVE-2023-5799
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/3061f85e-a70e-49e5-bccf-ae9240f51178 | source : contact@wpscan.com


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
