Latest vulnerabilities of Monday, October 23, 2023 + weekend


Last update performed on 10/23/2023 at 11:58:02 PM

(6) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : wordfence.com

Vulnerability ID : CVE-2020-36706

First published on : 20-10-2023 07:15:14
Last modified on : 20-10-2023 11:27:19

Description :
The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.

CVE ID : CVE-2020-36706
Source : security@wordfence.com
CVSS Score : 9.8

References :
https://blog.nintechnet.com/wordpress-simplepress-plugin-fixed-critical-vulnerabilities/ | source : security@wordfence.com
https://wpscan.com/vulnerability/27d4a8a5-9d81-4b42-92be-3f7d1ef22843 | source : security@wordfence.com
https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-simple-press-wordpress-forum-arbitrary-file-upload-6-6-0/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/53eba5b4-7cc0-48e1-bb9c-6ed3207151ab?source=cve | source : security@wordfence.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-4488

First published on : 20-10-2023 07:15:15
Last modified on : 20-10-2023 11:27:19

Description :
The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

CVE ID : CVE-2023-4488
Source : security@wordfence.com
CVSS Score : 9.8

References :
https://plugins.trac.wordpress.org/browser/dropbox-folder-share/trunk/HynoTech/UsosGenerales/js/editor-view.php?rev=2904670 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/647a2f27-092a-4db1-932d-87ae8c2efcca?source=cve | source : security@wordfence.com

Vulnerability : CWE-98


Vulnerability ID : CVE-2023-5414

First published on : 20-10-2023 07:15:17
Last modified on : 20-10-2023 11:27:12

Description :
The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including those belonging to other sites, for example in shared hosting environments.

CVE ID : CVE-2023-5414
Source : security@wordfence.com
CVSS Score : 9.1

References :
https://plugins.trac.wordpress.org/browser/email-subscribers/trunk/lite/includes/classes/class-email-subscribers-logs.php?rev=2919465#L28 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977318%40email-subscribers%2Ftrunk&old=2972043%40email-subscribers%2Ftrunk&sfp_email=&sfph_mail=#file4 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/417186ba-36ef-4d06-bbcd-e85eb9219689?source=cve | source : security@wordfence.com

Vulnerability : CWE-22


Source : huntr.dev

Vulnerability ID : CVE-2023-5688

First published on : 20-10-2023 17:15:08
Last modified on : 20-10-2023 17:48:41

Description :
Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.

CVE ID : CVE-2023-5688
Source : security@huntr.dev
CVSS Score : 9.8

References :
https://github.com/modoboa/modoboa/commit/d33d3cd2d11dbfebd8162c46e2c2a9873919a967 | source : security@huntr.dev
https://huntr.com/bounties/0ceb10e4-952b-4ca4-baf8-5b6f12e3a8a7 | source : security@huntr.dev

Vulnerability : CWE-79


Source : mitre.org

Vulnerability ID : CVE-2023-37824

First published on : 20-10-2023 20:15:09
Last modified on : 21-10-2023 08:33:34

Description :
Sitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulnerability via the component /activate_hook.php.

CVE ID : CVE-2023-37824
Source : cve@mitre.org
CVSS Score : 9.8

References :
https://security.friendsofpresta.org/modules/2023/10/11/sitologapplicationconnect.html | source : cve@mitre.org


Source : github.com

Vulnerability ID : CVE-2023-46117

First published on : 20-10-2023 19:15:09
Last modified on : 21-10-2023 08:33:34

Description :
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities. A vulnerability has been identified in reconftw where inadequate validation of retrieved subdomains may lead to a Remote Code Execution (RCE) attack. An attacker can exploit this vulnerability by crafting a malicious CSP entry on its own domain. Successful exploitation can lead to the execution of arbitrary code within the context of the application, potentially compromising the system. This issue has been addressed in version 2.7.1.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-46117
Source : security-advisories@github.com
CVSS Score : 9.6

References :
https://github.com/six2dez/reconftw/commit/e639de356c0880fe5fe01a32de9d0c58afb5f086 | source : security-advisories@github.com
https://github.com/six2dez/reconftw/security/advisories/GHSA-fxwr-vr9x-wvjp | source : security-advisories@github.com

Vulnerability : CWE-78


(39) HIGH VULNERABILITIES [7.0, 8.9]

Source : wordfence.com

Vulnerability ID : CVE-2020-36698

First published on : 20-10-2023 07:15:14
Last modified on : 20-10-2023 11:27:19

Description :
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files.

CVE ID : CVE-2020-36698
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://blog.nintechnet.com/multiple-vulnerabilities-fixed-in-security-malware-scan-by-cleantalk-plugin/ | source : security@wordfence.com
https://wpscan.com/vulnerability/23960f42-dfc1-4951-9169-02d889283f01 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/0fb9b039-eb04-4c27-89eb-1932c9c31962?source=cve | source : security@wordfence.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-4598

First published on : 20-10-2023 07:15:15
Last modified on : 20-10-2023 11:27:19

Description :
The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE ID : CVE-2023-4598
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/browser/wp-slimstat/tags/5.0.8/admin/view/wp-slimstat-db.php#L970 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2959452%40wp-slimstat&new=2959452%40wp-slimstat&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/07c0f5a5-3455-4f06-b481-f4d678309c50?source=cve | source : security@wordfence.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2021-4334

First published on : 20-10-2023 08:15:11
Last modified on : 20-10-2023 11:27:08

Description :
The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation.

CVE ID : CVE-2021-4334
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://support.fancyproductdesigner.com/support/discussions/topics/13000029981 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ea097cb7-85f4-4b6d-9f29-bc2636993f21?source=cve | source : security@wordfence.com

Vulnerability : CWE-285


Vulnerability ID : CVE-2022-2441

First published on : 20-10-2023 08:15:11
Last modified on : 20-10-2023 11:27:08

Description :
The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including, 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an attacker to create and/or modify files hosted on the server, which can easily grant attackers backdoor access to the affected server.

CVE ID : CVE-2022-2441
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://github.com/orangelabweb/imagemagick-engine/blob/1.7.4/imagemagick-engine.php#L529 | source : security@wordfence.com
https://github.com/orangelabweb/imagemagick-engine/blob/v.1.7.2/imagemagick-engine.php#L529 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2801283%40imagemagick-engine%2Ftrunk&old=2732430%40imagemagick-engine%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.exploit-db.com/exploits/51025 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b1f17a83-1df0-44fe-bd86-243cff6ec91b?source=cve | source : security@wordfence.com
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2441 | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2022-4290

First published on : 20-10-2023 08:15:11
Last modified on : 20-10-2023 11:27:08

Description :
The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctl_sanitize_title' function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This potentially allows authenticated users with the ability to add or modify terms or tags to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. A partial patch became available in version 3.6 and the issue was fully patched in version 3.7.

CVE ID : CVE-2022-4290
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/browser/cyr3lat/trunk/cyr-to-lat.php?rev=1117224#L69 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c9c29130-1b42-4edd-ad62-6f635e03ae31?source=cve | source : security@wordfence.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4999

First published on : 20-10-2023 08:15:12
Last modified on : 20-10-2023 11:27:04

Description :
The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin's [horizontal-scrolling] shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE ID : CVE-2023-4999
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/browser/horizontal-scrolling-announcement/trunk/horizontal-scrolling-announcement.php#L79 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/bf50922a-58a6-4ca4-80b7-cafb37b87216?source=cve | source : security@wordfence.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-4274

First published on : 20-10-2023 07:15:15
Last modified on : 20-10-2023 11:27:19

Description :
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. This allows authenticated attackers with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical issue in shared environments.

CVE ID : CVE-2023-4274
Source : security@wordfence.com
CVSS Score : 8.7

References :
https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.89/includes/class-wpvivid-setting.php#L200 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2956458%40wpvivid-backuprestore%2Ftrunk&old=2948265%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/5d94f38f-4b52-4b0d-800c-a6fca40bda3c?source=cve | source : security@wordfence.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-4402

First published on : 20-10-2023 07:15:15
Last modified on : 20-10-2023 11:27:19

Description :
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

CVE ID : CVE-2023-4402
Source : security@wordfence.com
CVSS Score : 8.1

References :
https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/Product.php?rev=2950425#L49 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/1ede7a25-9bb2-408e-b7fb-e5bd4f594351?source=cve | source : security@wordfence.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-4386

First published on : 20-10-2023 08:15:12
Last modified on : 20-10-2023 11:27:08

Description :
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

CVE ID : CVE-2023-4386
Source : security@wordfence.com
CVSS Score : 8.1

References :
https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/PostBlock.php?rev=2950425#L30 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/af468f83-d6ad-474c-bf7f-c4eeb6df1b54?source=cve | source : security@wordfence.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-5576

First published on : 20-10-2023 07:15:17
Last modified on : 20-10-2023 11:27:12

Description :
The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 0.9.91 via Google Drive API secrets stored in plaintext in the publicly visible plugin source. This could allow unauthenticated attackers to impersonate the WPVivid Google Drive account via the API if they can trick a user into reauthenticating via another vulnerability or social engineering.

CVE ID : CVE-2023-5576
Source : security@wordfence.com
CVSS Score : 8.0

References :
https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.91/includes/customclass/client_secrets.json | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2977863/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/4658109d-295c-4a1b-b219-ca1f4664ff1d?source=cve | source : security@wordfence.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2022-3342

First published on : 20-10-2023 08:15:11
Last modified on : 20-10-2023 11:27:08

Description :
The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon a failed check. These steps then perform a 'file_exists' check on the value of 'zbscrmcsvimpf'. If a phar:// archive is supplied, its contents will be deserialized and an object injected in the execution stream. This allows an unauthenticated attacker to obtain object injection if they are able to upload a phar archive (for instance if the site supports image uploads) and then trick an administrator into performing an action, such as clicking a link.

CVE ID : CVE-2022-3342
Source : security@wordfence.com
CVSS Score : 7.5

References :
https://plugins.trac.wordpress.org/browser/zero-bs-crm/trunk/includes/ZeroBSCRM.CSVImporter.php?rev=2790863 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2805282/zero-bs-crm/trunk/includes/ZeroBSCRM.CSVImporter.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/98ab264f-b210-41d0-bb6f-b4f31d933f80?source=cve | source : security@wordfence.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2022-4943

First published on : 20-10-2023 08:15:11
Last modified on : 20-10-2023 11:27:08

Description :
The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings.

CVE ID : CVE-2022-4943
Source : security@wordfence.com
CVSS Score : 7.5

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2842228%40miniorange-2-factor-authentication%2Ftrunk&old=2815645%40miniorange-2-factor-authentication%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/7267ede1-7745-47cc-ac0d-4362140b4c23?source=cve | source : security@wordfence.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-5132

First published on : 21-10-2023 02:15:07
Last modified on : 21-10-2023 08:33:34

Description :
The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce order information (e.g., Name, Address, Email Address, and other order metadata).

CVE ID : CVE-2023-5132
Source : security@wordfence.com
CVSS Score : 7.5

References :
https://plugins.trac.wordpress.org/browser/soisy-pagamento-rateale/trunk/public/class-soisy-pagamento-rateale-public.php#L465 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d3c997cd-37b4-4b9c-b99e-397be484aa36?source=cve | source : security@wordfence.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2020-36714

First published on : 20-10-2023 08:15:11
Last modified on : 20-10-2023 11:27:12

Description :
The Brizy plugin for WordPress is vulnerable to authorization bypass due to an incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions.

CVE ID : CVE-2020-36714
Source : security@wordfence.com
CVSS Score : 7.4

References :
https://blog.nintechnet.com/wordpress-brizy-page-builder-plugin-fixed-critical-vulnerabilities/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/9495e25d-a5a6-4f25-9363-783626e58a4a?source=cve | source : security@wordfence.com

Vulnerability : CWE-285


Vulnerability ID : CVE-2022-4712

First published on : 20-10-2023 07:15:14
Last modified on : 20-10-2023 11:27:19

Description :
The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2022-4712
Source : security@wordfence.com
CVSS Score : 7.2

References :
https://plugins.trac.wordpress.org/browser/wp-cerber/trunk/admin/cerber-dashboard.php?rev=2721561#L1338 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6cd9cbba-10b0-4fb0-ad49-4593a307a615?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2023-23373

First published on : 20-10-2023 17:15:08
Last modified on : 20-10-2023 17:48:41

Description :
An OS command injection vulnerability has been reported to affect QUSBCam2. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: QUSBCam2 2.0.3 (2023/06/15) and later.

CVE ID : CVE-2023-23373
Source : security@qnapsecurity.com.tw
CVSS Score : 8.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-43 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-78


Source : sick.de

Vulnerability ID : CVE-2023-5246

First published on : 23-10-2023 13:15:09
Last modified on : 23-10-2023 13:23:01

Description :
Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with part numbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay.

CVE ID : CVE-2023-5246
Source : psirt@sick.de
CVSS Score : 8.8

References :
https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.json | source : psirt@sick.de
https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.pdf | source : psirt@sick.de
https://sick.com/psirt | source : psirt@sick.de


Source : m-files.com

Vulnerability ID : CVE-2023-5523

First published on : 20-10-2023 07:15:17
Last modified on : 20-10-2023 11:27:12

Description :
Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution.

CVE ID : CVE-2023-5523
Source : security@m-files.com
CVSS Score : 8.6

References :
https://www.m-files.com/about/trust-center/security-advisories/cve-2023-5523/ | source : security@m-files.com

Vulnerability : CWE-829


Vulnerability ID : CVE-2023-5524

First published on : 20-10-2023 07:15:17
Last modified on : 20-10-2023 11:27:12

Description :
Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution via specific file types.

CVE ID : CVE-2023-5524
Source : security@m-files.com
CVSS Score : 8.2

References :
https://www.m-files.com/about/trust-center/security-advisories/cve-2023-5524/ | source : security@m-files.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-2325

First published on : 20-10-2023 07:15:15
Last modified on : 20-10-2023 11:27:19

Description :
Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1 allows an attacker to execute script in the user's browser via a stored HTML document.

CVE ID : CVE-2023-2325
Source : security@m-files.com
CVSS Score : 7.3

References :
https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2325/ | source : security@m-files.com

Vulnerability : CWE-79


Source : github.com

Vulnerability ID : CVE-2023-46115

First published on : 20-10-2023 00:15:16
Last modified on : 20-10-2023 11:27:23

Description :
Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications using the Vite frontend in a specific configuration. The Tauri documentation used an insecure example configuration in the `Vite guide` to showcase how to use Tauri together with Vite. Copying the following snippet `envPrefix: ['VITE_', 'TAURI_'],` from this guide into the `vite.config.ts` of a Tauri project leads to bundling the `TAURI_PRIVATE_KEY` and `TAURI_KEY_PASSWORD` into the Vite frontend code and therefore leaking this value to the released Tauri application. Using the `envPrefix: ['VITE_'],` or any other framework than Vite means you are not impacted by this advisory. Users are advised to rotate their updater private key if they are affected by this (requires Tauri CLI >=1.5.5). After updating the envPrefix configuration, generate a new private key with `tauri signer generate`, saving the new private key and updating the updater's `pubkey` value on `tauri.conf.json` with the new public key. To update your existing application, the next application build must be signed with the older private key in order to be accepted by the existing application.

CVE ID : CVE-2023-46115
Source : security-advisories@github.com
CVSS Score : 8.4

References :
https://github.com/tauri-apps/tauri/security/advisories/GHSA-2rcp-jvr4-r259 | source : security-advisories@github.com
https://tauri.app/v1/guides/getting-started/setup/vite/ | source : security-advisories@github.com

Vulnerability : CWE-200
Vulnerability : CWE-522


Vulnerability ID : CVE-2023-45805

First published on : 20-10-2023 19:15:08
Last modified on : 21-10-2023 08:33:34

Description :
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious `pdm.lock` file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project `foo` can be targeted by creating the project `foo-2` and uploading the file `foo-2-2.tar.gz` to pypi.org. PyPI will see this as project `foo-2` version `2`, while PDM will see this as project `foo` version `2-2`. The version must only be `parseable as a version` and the filename must be a prefix of the project name, but it's not verified to match the version being installed. Version `2-2` is also not a valid normalized version per PEP 440. Matching the project name exactly (not just prefix) would fix the issue. When installing dependencies with PDM, what's actually installed could differ from what's listed in `pyproject.toml` (including arbitrary code execution on install). It could also be used for downgrade attacks by only changing the version. This issue has been addressed in commit `6853e2642df` which is included in release version `2.9.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-45805
Source : security-advisories@github.com
CVSS Score : 7.8

References :
https://github.com/frostming/unearth/blob/eca170d9370ac5032f2e497ee9b1b63823d3fe0f/src/unearth/evaluator.py#L215-L229 | source : security-advisories@github.com
https://github.com/pdm-project/pdm/blob/45d1dfa47d4900c14a31b9bb761e4c46eb5c9442/src/pdm/models/candidates.py#L98-L99 | source : security-advisories@github.com
https://github.com/pdm-project/pdm/commit/6853e2642dfa281d4a9958fbc6c95b7e32d84831 | source : security-advisories@github.com
https://github.com/pdm-project/pdm/security/advisories/GHSA-j44v-mmf2-xvm9 | source : security-advisories@github.com
https://peps.python.org/pep-0440/#post-release-spelling | source : security-advisories@github.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-45664

First published on : 21-10-2023 00:15:09
Last modified on : 21-10-2023 08:33:34

Description :
stb_image is a single file MIT licensed library for processing images. A crafted image file can cause `stbi__load_gif_main_outofmem` to attempt to double-free the `out` variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but it is common for realloc to free the old memory and return a null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution.

CVE ID : CVE-2023-45664
Source : security-advisories@github.com
CVSS Score : 7.3

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6993-L6995 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-415


Vulnerability ID : CVE-2023-45666

First published on : 21-10-2023 00:15:09
Last modified on : 21-10-2023 08:33:34

Description :
stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of the output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do so in case the image is not recognized as a GIF, and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible for freeing the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non-null value. However, at the same time the function may return a null value but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail, or to a double-free if `delays` is always freed.

CVE ID : CVE-2023-45666
Source : security-advisories@github.com
CVSS Score : 7.3

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6957 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6962-L7045 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-415


Vulnerability ID : CVE-2023-45676

First published on : 21-10-2023 00:15:09
Last modified on : 21-10-2023 08:33:34

Description :
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger an out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows with `sz+7`, and the negative value passes the maximum available memory buffer check. This issue may lead to code execution.

CVE ID : CVE-2023-45676
Source : security-advisories@github.com
CVSS Score : 7.3

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3656 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L960 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-45677

First published on : 21-10-2023 00:15:09
Last modified on : 21-10-2023 08:33:34

Description :
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger an out-of-bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that when `len`, read in `start_decoder`, is a negative number and `setup_malloc` successfully allocates memory in that case, the memory write is done with a negative index `len`. Similarly, if `len` is `INT_MAX`, the integer overflow `len+1` happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. This issue may lead to code execution.

CVE ID : CVE-2023-45677
Source : security-advisories@github.com
CVSS Score : 7.3

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3652-L3658 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3653 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3658 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3670C7-L3670C75 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L961 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-45679

First published on : 21-10-2023 00:15:09
Last modified on : 21-10-2023 08:33:34

Description :
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution.

CVE ID : CVE-2023-45679
Source : security-advisories@github.com
CVSS Score : 7.3

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4208-L4215 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-415


Vulnerability ID : CVE-2023-45681

First published on : 21-10-2023 00:15:09
Last modified on : 21-10-2023 08:33:34

Description :
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger a memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)`, which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow, an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution.

CVE ID : CVE-2023-45681
Source : security-advisories@github.com
CVSS Score : 7.3

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-787


Source : mitre.org

Vulnerability ID : CVE-2023-46306

First published on : 22-10-2023 21:15:07
Last modified on : 23-10-2023 11:35:01

Description :
The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php device_id parameter. This occurs because another thread can be started before the trap that triggers the cleanup function. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. NOTE: this is different from CVE-2023-0861 and CVE-2023-0862, which were fixed in version 4.6.0.105.

CVE ID : CVE-2023-46306
Source : cve@mitre.org
CVSS Score : 8.4

References :
https://pentest.blog/advisory-netmodule-router-software-race-condition-leads-to-remote-code-execution/ | source : cve@mitre.org
https://share.netmodule.com/public/system-software/4.6/4.6.0.106/NRSW-RN-4.6.0.106.pdf | source : cve@mitre.org
https://share.netmodule.com/public/system-software/4.8/4.8.0.101/NRSW-RN-4.8.0.101.pdf | source : cve@mitre.org


Vulnerability ID : CVE-2023-39680

First published on : 20-10-2023 07:15:15
Last modified on : 20-10-2023 11:27:19

Description :
Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing attackers to execute arbitrary code.

CVE ID : CVE-2023-39680
Source : cve@mitre.org
CVSS Score : 7.5

References :
https://gist.github.com/apple502j/4ab77291c98e45f4a5bf780c8eda8afa | source : cve@mitre.org


Source : zscaler.com

Vulnerability ID : CVE-2023-28804

First published on : 23-10-2023 14:15:09
Last modified on : 23-10-2023 14:27:22

Description :
An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries. This issue affects Linux Client Connector: before 1.4.0.105.

CVE ID : CVE-2023-28804
Source : cve@zscaler.com
CVSS Score : 8.2

References :
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023 | source : cve@zscaler.com

Vulnerability : CWE-347


Vulnerability ID : CVE-2021-26738

First published on : 23-10-2023 14:15:09
Last modified on : 23-10-2023 14:27:22

Description :
Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges.

CVE ID : CVE-2021-26738
Source : cve@zscaler.com
CVSS Score : 7.8

References :
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=macOS&applicable_version=3.7&deployment_date=2022-08-19&id=1414851 | source : cve@zscaler.com

Vulnerability : CWE-426


Vulnerability ID : CVE-2023-28793

First published on : 23-10-2023 14:15:09
Last modified on : 23-10-2023 14:27:22

Description :
Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.

CVE ID : CVE-2023-28793
Source : cve@zscaler.com
CVSS Score : 7.8

References :
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.3.1&deployment_date=2022-09-19 | source : cve@zscaler.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-28795

First published on : 23-10-2023 14:15:09
Last modified on : 23-10-2023 14:27:22

Description :
Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.

CVE ID : CVE-2023-28795
Source : cve@zscaler.com
CVSS Score : 7.8

References :
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.3.1&deployment_date=2022-09-19 | source : cve@zscaler.com

Vulnerability : CWE-346


Vulnerability ID : CVE-2023-28796

First published on : 23-10-2023 14:15:09
Last modified on : 23-10-2023 14:27:22

Description :
Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.

CVE ID : CVE-2023-28796
Source : cve@zscaler.com
CVSS Score : 7.1

References :
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.3.1&deployment_date=2022-09-19 | source : cve@zscaler.com

Vulnerability : CWE-347


Source : silabs.com

Vulnerability ID : CVE-2023-3487

First published on : 20-10-2023 15:15:11
Last modified on : 20-10-2023 17:48:41

Description :
An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.

CVE ID : CVE-2023-3487
Source : product-security@silabs.com
CVSS Score : 7.7

References :
https://community.silabs.com/s/contentdocument/0698Y00000ZmXqLQAV | source : product-security@silabs.com
https://github.com/SiliconLabs/gecko_sdk/releases | source : product-security@silabs.com

Vulnerability : CWE-125
Vulnerability : CWE-20
Vulnerability : CWE-787


Source : us.ibm.com

Vulnerability ID : CVE-2023-33839

First published on : 23-10-2023 20:15:08
Last modified on : 23-10-2023 20:15:08

Description :
IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036.

CVE ID : CVE-2023-33839
Source : psirt@us.ibm.com
CVSS Score : 7.2

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/256036 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7057377 | source : psirt@us.ibm.com

Vulnerability : CWE-78


Source : vmware.com

Vulnerability ID : CVE-2023-34044

First published on : 20-10-2023 09:15:12
Last modified on : 20-10-2023 11:27:04

Description :
VMware Workstation (17.x prior to 17.5) and Fusion (13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

CVE ID : CVE-2023-34044
Source : security@vmware.com
CVSS Score : 7.1

References :
https://www.vmware.com/security/advisories/VMSA-2023-0022.html | source : security@vmware.com


Source : huntr.dev

Vulnerability ID : CVE-2023-5689

First published on : 20-10-2023 17:15:08
Last modified on : 20-10-2023 17:48:41

Description :
Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.

CVE ID : CVE-2023-5689
Source : security@huntr.dev
CVSS Score : 7.1

References :
https://github.com/modoboa/modoboa/commit/d33d3cd2d11dbfebd8162c46e2c2a9873919a967 | source : security@huntr.dev
https://huntr.com/bounties/24835833-3421-412b-bafb-1b7ea3cf60e6 | source : security@huntr.dev

Vulnerability : CWE-79


(112) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : us.ibm.com

Vulnerability ID : CVE-2022-22466

First published on : 23-10-2023 20:15:08
Last modified on : 23-10-2023 20:15:08

Description :
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222.

CVE ID : CVE-2022-22466
Source : psirt@us.ibm.com
CVSS Score : 6.8

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/225222 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7057377 | source : psirt@us.ibm.com

Vulnerability : CWE-798


Vulnerability ID : CVE-2023-38722

First published on : 23-10-2023 18:15:09
Last modified on : 23-10-2023 18:18:33

Description :
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262174.

CVE ID : CVE-2023-38722
Source : psirt@us.ibm.com
CVSS Score : 6.4

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/262174 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7057407 | source : psirt@us.ibm.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-38275

First published on : 22-10-2023 01:15:08
Last modified on : 23-10-2023 11:35:01

Description :
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730.

CVE ID : CVE-2023-38275
Source : psirt@us.ibm.com
CVSS Score : 5.9

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/260735 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7031207 | source : psirt@us.ibm.com

Vulnerability : CWE-319


Vulnerability ID : CVE-2023-38276

First published on : 22-10-2023 02:15:07
Last modified on : 23-10-2023 11:35:01

Description :
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736.

CVE ID : CVE-2023-38276
Source : psirt@us.ibm.com
CVSS Score : 5.9

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/260736 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7031207 | source : psirt@us.ibm.com

Vulnerability : CWE-319


Vulnerability ID : CVE-2023-43045

First published on : 23-10-2023 18:15:10
Last modified on : 23-10-2023 18:18:33

Description :
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896.

CVE ID : CVE-2023-43045
Source : psirt@us.ibm.com
CVSS Score : 5.9

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/266896 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7057409 | source : psirt@us.ibm.com

Vulnerability : CWE-288


Vulnerability ID : CVE-2023-38735

First published on : 22-10-2023 02:15:07
Last modified on : 23-10-2023 11:35:01

Description :
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 262482.

CVE ID : CVE-2023-38735
Source : psirt@us.ibm.com
CVSS Score : 5.7

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/262482 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7031207 | source : psirt@us.ibm.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-33840

First published on : 23-10-2023 20:15:09
Last modified on : 23-10-2023 20:15:09

Description :
IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256037.

CVE ID : CVE-2023-33840
Source : psirt@us.ibm.com
CVSS Score : 4.8

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/256037 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7057377 | source : psirt@us.ibm.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-33837

First published on : 23-10-2023 20:15:08
Last modified on : 23-10-2023 20:15:08

Description :
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020.

CVE ID : CVE-2023-33837
Source : psirt@us.ibm.com
CVSS Score : 4.1

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/256020 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7057377 | source : psirt@us.ibm.com

Vulnerability : CWE-311


Source : vmware.com

Vulnerability ID : CVE-2023-34046

First published on : 20-10-2023 09:15:12
Last modified on : 20-10-2023 11:27:04

Description :
VMware Fusion (13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.

CVE ID : CVE-2023-34046
Source : security@vmware.com
CVSS Score : 6.7

References :
https://www.vmware.com/security/advisories/VMSA-2023-0022.html | source : security@vmware.com


Vulnerability ID : CVE-2023-34045

First published on : 20-10-2023 10:15:12
Last modified on : 20-10-2023 11:27:04

Description :
VMware Fusion (13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.

CVE ID : CVE-2023-34045
Source : security@vmware.com
CVSS Score : 6.6

References :
https://www.vmware.com/security/advisories/VMSA-2023-0022.html | source : security@vmware.com


Source : zscaler.com

Vulnerability ID : CVE-2021-26735

First published on : 23-10-2023 14:15:09
Last modified on : 23-10-2023 14:27:22

Description :
The Zscaler Client Connector Installer and Uninstallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges.

CVE ID : CVE-2021-26735
Source : cve@zscaler.com
CVSS Score : 6.7

References :
https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021 | source : cve@zscaler.com

Vulnerability : CWE-346


Vulnerability ID : CVE-2021-26736

First published on : 23-10-2023 14:15:09
Last modified on : 23-10-2023 14:27:22

Description :
Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges.

CVE ID : CVE-2021-26736
Source : cve@zscaler.com
CVSS Score : 6.7

References :
https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021 | source : cve@zscaler.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-28805

First published on : 23-10-2023 14:15:09
Last modified on : 23-10-2023 14:27:22

Description :
An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. This issue affects Client Connector: before 1.4.0.105.

CVE ID : CVE-2023-28805
Source : cve@zscaler.com
CVSS Score : 6.7

References :
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023 | source : cve@zscaler.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-28797

First published on : 23-10-2023 14:15:09
Last modified on : 23-10-2023 14:27:22

Description :
Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user.

CVE ID : CVE-2023-28797
Source : cve@zscaler.com
CVSS Score : 6.3

References :
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022 | source : cve@zscaler.com

Vulnerability : CWE-59


Vulnerability ID : CVE-2023-28803

First published on : 23-10-2023 14:15:09
Last modified on : 23-10-2023 14:27:22

Description :
An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9.

CVE ID : CVE-2023-28803
Source : cve@zscaler.com
CVSS Score : 5.9

References :
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023 | source : cve@zscaler.com

Vulnerability : CWE-290


Vulnerability ID : CVE-2021-26737

First published on : 23-10-2023 14:15:09
Last modified on : 23-10-2023 14:27:22

Description :
The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shut down the Zscaler tunnel by exploiting a race condition.

CVE ID : CVE-2021-26737
Source : cve@zscaler.com
CVSS Score : 5.5

References :
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=macOS&applicable_version=3.6&deployment_date=2022-01-07&id=1388686 | source : cve@zscaler.com

Vulnerability : CWE-346


Vulnerability ID : CVE-2021-26734

First published on : 23-10-2023 14:15:08
Last modified on : 23-10-2023 14:27:22

Description :
Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context.

CVE ID : CVE-2021-26734
Source : cve@zscaler.com
CVSS Score : 4.4

References :
https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021 | source : cve@zscaler.com

Vulnerability : CWE-269


Source : wordfence.com

Vulnerability ID : CVE-2023-5070

First published on : 20-10-2023 08:15:12
Last modified on : 20-10-2023 11:27:04

Description :
The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.5 via the sfsi_save_export function. This can allow subscribers to export plugin settings that include social media authentication tokens and secrets as well as app passwords.

CVE ID : CVE-2023-5070
Source : security@wordfence.com
CVSS Score : 6.5

References :
https://plugins.trac.wordpress.org/changeset/2975574/ultimate-social-media-icons/tags/2.8.6/libs/controllers/sfsi_buttons_controller.php?old=2956446&old_path=ultimate-social-media-icons%2Ftags%2F2.8.5%2Flibs%2Fcontrollers%2Fsfsi_buttons_controller.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e9e43c5b-a094-44ab-a8a3-52d437f0e00d?source=cve | source : security@wordfence.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-5613

First published on : 20-10-2023 05:15:08
Last modified on : 20-10-2023 11:27:23

Description :
The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpsscode' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5613
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/super-testimonial/tags/2.8/tp-testimonials.php#L214 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2979378/super-testimonial#file9 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/52659f1c-642e-4c88-b3d0-d5c5a206b11c?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5614

First published on : 20-10-2023 05:15:08
Last modified on : 20-10-2023 11:27:23

Description :
The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'theme_switcha_list' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5614
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/theme-switcha/tags/3.3/inc/plugin-core.php#L445 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2979783/theme-switcha#file1 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2b0937fe-3ea6-427a-aef7-539c08687abb?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5668

First published on : 20-10-2023 05:15:08
Last modified on : 20-10-2023 11:27:19

Description :
The WhatsApp Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'whatsapp' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5668
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/whatsapp/tags/1.0.1/class-frontend.php#L46 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/77911b0f-c028-49ae-b85e-15909d806e30?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4482

First published on : 20-10-2023 07:15:15
Last modified on : 20-10-2023 11:27:19

Description :
The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-4482
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2961861%40amazon-auto-links%2Ftrunk&old=2896127%40amazon-auto-links%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/11ffb8a1-55d2-44c5-bcd2-ba866b94e8bc?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4919

First published on : 20-10-2023 07:15:16
Last modified on : 20-10-2023 11:27:19

Description :
The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `iframe` shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 4.6 and fully patched in version 4.7.

CVE ID : CVE-2023-4919
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/iframe/tags/4.5/iframe.php#L28 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/iframe/tags/4.5/iframe.php#L40 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2970787/iframe#file4 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/3706deed-55f2-4dfb-bfed-7a14872cd15a?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5050

First published on : 20-10-2023 07:15:17
Last modified on : 20-10-2023 11:27:12

Description :
The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5050
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/leaflet-map/tags/3.3.0/shortcodes/class.geojson-shortcode.php#L124 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2968965/leaflet-map#file12 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/3084c9ab-00aa-4b8e-aa46-bd70b335ec77?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5071

First published on : 20-10-2023 07:15:17
Last modified on : 20-10-2023 11:27:12

Description :
The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sitekit_iframe' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5071
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/sitekit/trunk/inc/sitekit-shortcode-iframe.php#L3 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2970788/sitekit | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/011c8a06-298e-4a53-9ef8-552585426d79?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5200

First published on : 20-10-2023 07:15:17
Last modified on : 20-10-2023 11:27:12

Description :
The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'flipbook' shortcode in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5200
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/flowpaper-lite-pdf-flipbook/trunk/flowpaper.php?rev=2959754#L395 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2966821/flowpaper-lite-pdf-flipbook | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/31d6288d-87f0-4822-b3f4-541f70cf99fd?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5308

First published on : 20-10-2023 07:15:17
Last modified on : 20-10-2023 11:27:12

Description :
The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcast_subscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5308
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/podcast-subscribe-buttons/tags/1.4.8/template-parts/inline-button.php#L30 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2973904/podcast-subscribe-buttons#file529 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/17dbfb82-e380-464a-bfaf-2d0f6bf07f25?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4961

First published on : 20-10-2023 08:15:12
Last modified on : 20-10-2023 11:27:04

Description :
The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'poptin-form' shortcode in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-4961
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/poptin/tags/1.3/poptin.php#L659 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2968210/poptin#file2 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/778af777-4c98-45cd-9704-1bdc96054aa7?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5086

First published on : 20-10-2023 08:15:13
Last modified on : 20-10-2023 11:27:04

Description :
The Copy Anything to Clipboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'copy' shortcode in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5086
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/copy-the-code/tags/2.6.4/classes/class-copy-the-code-shortcode.php#L83 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2969441/copy-the-code#file1 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e834a211-ccc8-4a30-a15d-879ba34184e9?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5109

First published on : 20-10-2023 08:15:13
Last modified on : 20-10-2023 11:27:04

Description :
The WP Mailto Links – Protect Email Addresses plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wpml_mailto' shortcode in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 3.1.3 and fully patched in version 3.1.4.

CVE ID : CVE-2023-5109
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/wp-mailto-links/tags/3.1.2/core/includes/classes/class-wp-mailto-links-validate.php#L582 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ec882062-0059-47ca-a007-3347e7adb70b?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5231

First published on : 20-10-2023 08:15:13
Last modified on : 20-10-2023 11:27:04

Description :
The Magic Action Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.17.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5231
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/magic-action-box/tags/2.17.2/lib/functions.php#L287 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ce9b908b-1388-41fb-915c-e4e29eaf57ed?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5292

First published on : 20-10-2023 08:15:13
Last modified on : 20-10-2023 11:27:04

Description :
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acfe_form' shortcode in versions up to, and including, 0.8.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5292
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/acf-extended/tags/0.8.9.3/includes/modules/form/module-form-front.php#L669 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/acf-extended/tags/0.8.9.4/includes/modules/form/module-form-front.php#L669 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2972880/acf-extended#file4 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/dcbe0c72-d518-45d3-a220-896a51071b26?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5337

First published on : 20-10-2023 08:15:13
Last modified on : 20-10-2023 11:27:04

Description :
The Contact form Form For All plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5337
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/formforall/trunk/formforall_common.php#L21 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/abe2f596-b2c3-49d3-b646-0f4b64f15674?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5615

First published on : 20-10-2023 08:15:13
Last modified on : 20-10-2023 11:27:04

Description :
The Skype Legacy Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skype-status' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5615
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/skype-online-status/tags/3.1/skype-classes.php#L316 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/914bcc8f-fecd-450e-b2a7-0989b7a0dd4c?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5618

First published on : 20-10-2023 12:15:24
Last modified on : 20-10-2023 17:48:41

Description :
The Modern Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.4.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5618
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset/2980695/modern-footnotes | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c20c674f-54b5-470f-b470-07a63501eb4d?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5205

First published on : 21-10-2023 08:15:09
Last modified on : 21-10-2023 08:33:34

Description :
The Add Custom Body Class plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_custom_body_class' value in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5205
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/add-custom-body-class/trunk/add-custom-body-class.php#L32 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/9841b57b-b869-4282-8781-60538f6f269f?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2021-4335

First published on : 20-10-2023 07:15:14
Last modified on : 20-10-2023 11:27:19

Description :
The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify plugin settings, including retrieving arbitrary order information or creating/updating/deleting products, orders, or other sensitive information not associated with their own account.

CVE ID : CVE-2021-4335
Source : security@wordfence.com
CVSS Score : 6.3

References :
https://support.fancyproductdesigner.com/support/discussions/topics/13000029981 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/644624d8-c193-4ee6-bc82-7ccda5d7f2ac?source=cve | source : security@wordfence.com

Vulnerability : CWE-285


Vulnerability ID : CVE-2023-3933

First published on : 20-10-2023 16:15:19
Last modified on : 20-10-2023 17:48:41

Description :
The Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE ID : CVE-2023-3933
Source : security@wordfence.com
CVSS Score : 6.1

References :
https://github.com/BlackFan/client-side-prototype-pollution | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c738e051-ad1c-4115-94d3-127dd5dff935?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3962

First published on : 20-10-2023 16:15:19
Last modified on : 20-10-2023 17:48:41

Description :
The Winters theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE ID : CVE-2023-3962
Source : security@wordfence.com
CVSS Score : 6.1

References :
https://github.com/BlackFan/client-side-prototype-pollution | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6f8b75a1-f0f2-445b-a1c7-1628916470d3?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3965

First published on : 20-10-2023 16:15:19
Last modified on : 20-10-2023 17:48:41

Description :
The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE ID : CVE-2023-3965
Source : security@wordfence.com
CVSS Score : 6.1

References :
https://github.com/BlackFan/client-side-prototype-pollution | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/5909513d-8877-40ff-bee9-d565141b7ed2?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4635

First published on : 21-10-2023 08:15:08
Last modified on : 21-10-2023 08:33:34

Description :
The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE ID : CVE-2023-4635
Source : security@wordfence.com
CVSS Score : 6.1

References :
https://github.com/xsn1210/vul/blob/main/xss%5BEventON%5D%20.md | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/115ad0b2-febe-485a-8fb5-9bd6edc37ef7?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2022-4954

First published on : 20-10-2023 07:15:15
Last modified on : 20-10-2023 11:27:19

Description :
The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2022-4954
Source : security@wordfence.com
CVSS Score : 5.5

References :
https://plugins.trac.wordpress.org/browser/waiting/trunk/waiting.php?rev=2826039 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2ef5b0de-0b8b-4286-86ea-6dca0dbc1a52?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4968

First published on : 20-10-2023 07:15:16
Last modified on : 20-10-2023 11:27:12

Description :
The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wplegalpage' shortcode in versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-4968
Source : security@wordfence.com
CVSS Score : 5.5

References :
https://plugins.trac.wordpress.org/browser/wplegalpages/tags/2.9.2/public/class-wp-legal-pages-public.php#L150 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2976774/wplegalpages/trunk/public/class-wp-legal-pages-public.php#file0 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/68d7b5d0-c777-4ff9-bdef-a7762cfbdf1a?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4923

First published on : 20-10-2023 08:15:12
Last modified on : 20-10-2023 11:27:08

Description :
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_delete function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-4923
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L344 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/7a4db03d-ec40-4145-aa95-fee78bda5205?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-4924

First published on : 20-10-2023 08:15:12
Last modified on : 20-10-2023 11:27:08

Description :
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This makes it possible for authenticated attackers, with subscriber access or higher, to delete products.

CVE ID : CVE-2023-4924
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L344 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/7dfd0246-4265-4dde-8a1e-18b7042eae74?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-4926

First published on : 20-10-2023 08:15:12
Last modified on : 20-10-2023 11:27:08

Description :
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulk_delete_products function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-4926
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulk/bulk.php#L159 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulk/bulk.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulk%2Fbulk.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ab633506-63a1-4be1-b402-c7f0bcc4ea7a?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2021-4353

First published on : 20-10-2023 07:15:14
Last modified on : 20-10-2023 11:27:19

Description :
The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export() function, which makes it possible for unauthenticated attackers to export the plugin's settings.

CVE ID : CVE-2021-4353
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://blog.nintechnet.com/woocommerce-dynamic-pricing-and-discounts-plugin-fixed-multiple-vulnerabilities/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/5c1e6685-44a7-452e-89ab-b9fffb65a12b?source=cve | source : security@wordfence.com

Vulnerability : CWE-288


Vulnerability ID : CVE-2023-3869

First published on : 20-10-2023 08:15:12
Last modified on : 20-10-2023 11:27:08

Description :
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a comment.

CVE ID : CVE-2023-3869
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/browser/wpdiscuz/trunk/utils/class.WpdiscuzHelperAjax.php#L681 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b30ac1b0-eae2-4194-bf8e-ae73b4236965?source=cve | source : security@wordfence.com

Vulnerability : CWE-639


Vulnerability ID : CVE-2023-3998

First published on : 20-10-2023 08:15:12
Last modified on : 20-10-2023 11:27:08

Description :
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post.

CVE ID : CVE-2023-3998
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/browser/wpdiscuz/trunk/utils/class.WpdiscuzHelperAjax.php#L886 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/9d09bdab-ffab-44cc-bba2-821b21a8e343?source=cve | source : security@wordfence.com

Vulnerability : CWE-639


Vulnerability ID : CVE-2023-4668

First published on : 20-10-2023 08:15:12
Last modified on : 20-10-2023 11:27:08

Description :
The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and active), active theme, various plugin settings, WordPress version, as well as some server settings such as memory limit and installation paths.

CVE ID : CVE-2023-4668
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2969942%40ad-inserter%2Ftags%2F2.7.31&old=2922718%40ad-inserter%2Ftrunk | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ce457c98-c55b-4b71-a80b-393eceb9effd?source=cve | source : security@wordfence.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-5533

First published on : 20-10-2023 08:15:13
Last modified on : 23-10-2023 13:15:09

Description :
The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions that were intended for higher privileged users.

CVE ID : CVE-2023-5533
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/a9db002f-ff41-493a-87b1-5f0b4b07cfc2?source=cve | source : security@wordfence.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-4939

First published on : 21-10-2023 08:15:08
Last modified on : 21-10-2023 08:33:34

Description :
The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint which is simply a SHA1 hash of the site URL and client ID found in the page source of the website. This makes it possible for unauthenticated attackers to inject arbitrary content into the log files, and when combined with another vulnerability this could have significant consequences.

CVE ID : CVE-2023-4939
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/browser/salesmanago/trunk/src/Admin/Controller/CallbackController.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/salesmanago/trunk/src/Includes/Helper.php#L376 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/de7db1d6-b352-44c7-a6cc-b21cb65a0482?source=cve | source : security@wordfence.com

Vulnerability : CWE-305


Vulnerability ID : CVE-2022-3622

First published on : 20-10-2023 08:15:11
Last modified on : 20-10-2023 11:27:08

Description :
The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings intended to be modifiable by admins only.

CVE ID : CVE-2022-3622
Source : security@wordfence.com
CVSS Score : 4.7

References :
https://plugins.trac.wordpress.org/browser/blog2social/tags/6.9.10/includes/B2S/Settings/Item.php#L116 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2795052%40blog2social&new=2795052%40blog2social&sfp_email=&sfph_mail= | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2796598%40blog2social&new=2796598%40blog2social&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/f5b8d39c-d307-42c9-a972-29b5521a82a4?source=cve | source : security@wordfence.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-4271

First published on : 20-10-2023 07:15:15
Last modified on : 20-10-2023 11:27:19

Description :
The Photospace Responsive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘psres_button_size’ parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2023-4271
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://plugins.trac.wordpress.org/changeset/2831424/photospace-responsive/trunk/includes/class-photospace-responsive-gallery.php?contextall=1&old=2544748&old_path=%2Fphotospace-responsive%2Ftrunk%2Fincludes%2Fclass-photospace-responsive-gallery.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2966110%40photospace-responsive%2Ftrunk&old=2875667%40photospace-responsive%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/3bc98896-6ff9-40de-ace2-2ca331c2a44a?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5120

First published on : 20-10-2023 07:15:17
Last modified on : 20-10-2023 11:27:12

Description :
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image file path parameter in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5120
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.89/includes/upload-cleaner/class-wpvivid-uploads-cleaner.php#L161 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/320f4260-20c2-4f27-91ba-d2488b417f62?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-3996

First published on : 20-10-2023 08:15:12
Last modified on : 20-10-2023 11:27:08

Description :
The ARMember Lite - Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2023-3996
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://plugins.svn.wordpress.org/armember-membership/tags/4.0.2/readme.md | source : security@wordfence.com
https://plugins.svn.wordpress.org/armember-membership/tags/4.0.2/readme.txt | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2905086%40armember-membership%2Ftrunk&old=2885708%40armember-membership%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.armemberplugin.com | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c1022ac4-869e-415a-a7c8-3650421608ea?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4021

First published on : 20-10-2023 08:15:12
Last modified on : 20-10-2023 11:27:08

Description :
The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2023-4021
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://webnus.net/modern-events-calendar/change-log/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/f213fb42-5bab-4017-80ea-ce6543031af2?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4648

First published on : 20-10-2023 08:15:12
Last modified on : 20-10-2023 11:27:08

Description :
The WP Customer Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2023-4648
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://plugins.trac.wordpress.org/changeset/2965658/wp-customer-reviews/trunk?contextall=1&old=2882143&old_path=%2Fwp-customer-reviews%2Ftrunk | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/f81950be-de32-4fa1-94fe-42667414fe2d?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5121

First published on : 20-10-2023 08:15:13
Last modified on : 20-10-2023 11:27:04

Description :
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings (the backup path parameter) in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2023-5121
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2956458%40wpvivid-backuprestore%2Ftrunk&old=2948265%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/cdcac5f9-a744-4853-8a80-ed38fec81dbb?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-4920

First published on : 20-10-2023 07:15:16
Last modified on : 20-10-2023 11:27:19

Description :
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Additionally, input sanitization and escaping are insufficient, resulting in the possibility of malicious script injection.

CVE ID : CVE-2023-4920
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/index.php#L805 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/index.php?contextall=1&old=2968292&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Findex.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/58d25eeb-b12c-4850-8308-eaa30982b5a8?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-4935

First published on : 20-10-2023 07:15:16
Last modified on : 20-10-2023 11:27:19

Description :
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the create_profile function. This makes it possible for unauthenticated attackers to create profiles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-4935
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/classes/models/profiles.php#L191 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/classes/models/profiles.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fclasses%2Fmodels%2Fprofiles.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/639f3941-7783-4500-aca4-5e8155db6460?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-4937

First published on : 20-10-2023 07:15:16
Last modified on : 20-10-2023 11:27:19

Description :
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_apply_default_combination function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-4937
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L286 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/40bf51bf-efb2-4504-815b-4681d1078f77?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-4940

First published on : 20-10-2023 07:15:16
Last modified on : 20-10-2023 11:27:12

Description :
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_swap function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-4940
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L521 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/31c5e524-ef4d-48c7-baa0-595f8060a167?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-4942

First published on : 20-10-2023 07:15:16
Last modified on : 20-10-2023 11:27:12

Description :
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_visibility function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-4942
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L719 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/26d8b75b-befa-4c6a-b072-0da44e437174?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-4943

First published on : 20-10-2023 07:15:16
Last modified on : 20-10-2023 11:27:12

Description :
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.

CVE ID : CVE-2023-4943
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L719 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2d10475f-83dd-4e59-83e4-aeaa72a22b96?source=cve | source : security@wordfence.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-4947

First published on : 20-10-2023 07:15:16
Last modified on : 20-10-2023 11:27:12

Description :
The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_ean_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above to update EAN numbers for orders.

CVE ID : CVE-2023-4947
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.yanco.dk/product/woocommerce-ean-payment-gateway/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2760b183-3c15-4f0e-b72f-7c0333f9d4b6?source=cve | source : security@wordfence.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-4975

First published on : 20-10-2023 07:15:16
Last modified on : 20-10-2023 11:27:12

Description :
The Website Builder by SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.15.13.1. This is due to missing or incorrect nonce validation on functionality in the builder.php file. This makes it possible for unauthenticated attackers to change the stripe connect token via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-4975
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/coming-soon/trunk/resources/views/builder.php#L164 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2968455/coming-soon/trunk/resources/views/builder.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2cb5370f-14aa-445d-bda3-62a0dd068fc5?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2020-36751

First published on : 20-10-2023 08:15:11
Last modified on : 20-10-2023 11:27:12

Description :
The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_meta() function. This makes it possible for unauthenticated attackers to save meta fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2020-36751
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2368658/coupon-creator/tags/2.5.2.1/plugin-engine/src/Pngx/Admin/Meta.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ab57f010-4fd2-40c2-950f-c03888521c8f?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2020-36753

First published on : 20-10-2023 08:15:11
Last modified on : 20-10-2023 11:27:12

Description :
The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the save_meta_box() function. This makes it possible for unauthenticated attackers to save metabox data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2020-36753
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://themes.trac.wordpress.org/browser/hueman/3.6.4/option-tree/includes/class-ot-meta-box.php#L207 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d54b4dc9-8590-433c-873a-efb49e2e79cd?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2020-36754

First published on : 20-10-2023 08:15:11
Last modified on : 20-10-2023 11:27:12

Description :
The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function. This makes it possible for unauthenticated attackers to save pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2020-36754
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2368689%40paid-memberships-pro&new=2368689%40paid-memberships-pro&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d74553a4-0ef7-4908-a2e8-5e0216f7b256?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2020-36755

First published on : 20-10-2023 08:15:11
Last modified on : 20-10-2023 11:27:12

Description :
The Customizr theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on the czr_fn_post_fields_save() function. This makes it possible for unauthenticated attackers to post fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2020-36755
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://themes.trac.wordpress.org/browser/customizr/4.3.1/core/czr-admin-ccat.php?rev=135570#L1764 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d9f6b600-a35a-49c2-8758-a7cc5c00e947?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2020-36758

First published on : 20-10-2023 08:15:11
Last modified on : 20-10-2023 11:27:08

Description :
The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the save_feedzy_post_type_meta() function. This makes it possible for unauthenticated attackers to update post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2020-36758
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2369394/feedzy-rss-feeds/trunk/includes/admin/feedzy-rss-feeds-admin.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e3b916dc-3b94-4319-a805-0ea99d14429f?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2020-36759

First published on : 20-10-2023 08:15:11
Last modified on : 20-10-2023 11:27:08

Description :
The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions() function. This makes it possible for unauthenticated attackers to activate and deactivate snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2020-36759
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2368332%40insert-php&new=2368332%40insert-php&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e573c0a4-d053-400b-828c-0d0eca880776?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2021-4418

First published on : 20-10-2023 08:15:11
Last modified on : 20-10-2023 11:27:08

Description :
The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2021-4418
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/ | source : security@wordfence.com
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/custom-css-js-php/trunk/modules/code/model.code.php#L85 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d21dc02f-789c-497e-9d01-02fa49bf9e30?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-4796

First published on : 20-10-2023 08:15:12
Last modified on : 20-10-2023 11:27:08

Description :
The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive site options.

CVE ID : CVE-2023-4796
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/tags/7.1.0/includes/shortcodes/class-wcj-general-shortcodes.php#L450 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2966325/woocommerce-jetpack#file1 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/a4cd49b2-ff93-4582-906b-b690d8472c38?source=cve | source : security@wordfence.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-4941

First published on : 20-10-2023 08:15:12
Last modified on : 20-10-2023 11:27:04

Description :
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.

CVE ID : CVE-2023-4941
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L521 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/bc20f303-cac3-4517-9c45-153c410a13af?source=cve | source : security@wordfence.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-5534

First published on : 20-10-2023 08:15:13
Last modified on : 23-10-2023 13:15:09

Description :
The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-5534
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/846bd929-45cd-4e91-b232-ae16dd2b12a0?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-5602

First published on : 20-10-2023 08:15:13
Last modified on : 20-10-2023 11:27:04

Description :
The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on several functions corresponding to AJAX actions. This makes it possible for unauthenticated attackers to invoke those actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-5602
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/2975574/ultimate-social-media-icons/tags/2.8.6/libs/controllers/sfsi_buttons_controller.php?old=2956446&old_path=ultimate-social-media-icons%2Ftags%2F2.8.5%2Flibs%2Fcontrollers%2Fsfsi_buttons_controller.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d44a45fb-3bff-4a1f-8319-a58a47a9d76b?source=cve | source : security@wordfence.com

Vulnerability : CWE-352


Source : fortinet.com

Vulnerability ID : CVE-2023-44256

First published on : 20-10-2023 10:15:12
Last modified on : 20-10-2023 11:27:04

Description :
A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.

CVE ID : CVE-2023-44256
Source : psirt@fortinet.com
CVSS Score : 6.5

References :
https://fortiguard.com/psirt/FG-IR-19-039 | source : psirt@fortinet.com
https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh | source : psirt@fortinet.com


Source : github.com

Vulnerability ID : CVE-2023-45661

First published on : 21-10-2023 00:15:08
Last modified on : 21-10-2023 08:33:34

Description :
stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger an out of bounds `memcpy` read in `stbi__gif_load_next`. This happens because `two_back` points to a memory address lower than the start of the buffer `out`. This issue may be used to leak internal memory allocation information.

CVE ID : CVE-2023-45661
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6817 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L7021-L7022 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-45662

First published on : 21-10-2023 00:15:08
Last modified on : 21-10-2023 08:33:34

Description :
stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn’t match the real image array dimensions.

CVE ID : CVE-2023-45662
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1235 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-45675

First published on : 21-10-2023 00:15:09
Last modified on : 21-10-2023 08:33:34

Description :
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger an out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the `len` read in `start_decoder` is `-1`, `len + 1` becomes 0 when passed to `setup_malloc`. `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocated: instead of returning `NULL` as in the `malloc` case, it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution.

CVE ID : CVE-2023-45675
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3652-L3658 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3658 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L960 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-45678

First published on : 21-10-2023 00:15:09
Last modified on : 21-10-2023 08:33:34

Description :
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution.

CVE ID : CVE-2023-45678
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4074-L4079 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L753-L760 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-46127

First published on : 23-10-2023 15:15:09
Last modified on : 23-10-2023 16:07:50

Description :
Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been patched in version 14.49.0.

CVE ID : CVE-2023-46127
Source : security-advisories@github.com
CVSS Score : 5.4

References :
https://github.com/frappe/frappe/commit/3dc5d2fcc7561dde181ba953009fe6e39d64e900 | source : security-advisories@github.com
https://github.com/frappe/frappe/pull/22339 | source : security-advisories@github.com
https://github.com/frappe/frappe/security/advisories/GHSA-j2w9-8xrr-7g98 | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-41894

First published on : 20-10-2023 00:15:16
Last modified on : 20-10-2023 11:27:23

Description :
Home Assistant is an open source home automation platform. The assessment verified that webhooks available in the webhook component are triggerable via the `*.ui.nabu.casa` URL without authentication, even when the webhook is marked as "Only accessible from the local network". This issue is facilitated by the SniTun proxy, which sets the source address to 127.0.0.1 on all requests sent to the public URL and forwarded to the local Home Assistant. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-41894
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/home-assistant/core/security/advisories/GHSA-wx3j-3v2j-rf45 | source : security-advisories@github.com
https://www.home-assistant.io/blog/2023/10/19/security-audits-of-home-assistant/ | source : security-advisories@github.com

Vulnerability : CWE-669


Vulnerability ID : CVE-2023-45663

First published on : 21-10-2023 00:15:08
Last modified on : 21-10-2023 08:33:34

Description :
stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer.

CVE ID : CVE-2023-45663
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1664 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L5936C10-L5936C20 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L7221 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-908


Vulnerability ID : CVE-2023-45667

First published on : 21-10-2023 00:15:09
Last modified on : 21-10-2023 08:33:34

Description :
stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash.

CVE ID : CVE-2023-45667
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1442-L1454 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1448 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-476


Vulnerability ID : CVE-2023-45680

First published on : 21-10-2023 00:15:09
Last modified on : 21-10-2023 08:33:34

Description :
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later in `vorbis_deinit` it tries to dereference the `NULL` pointer. This issue may lead to denial of service.

CVE ID : CVE-2023-45680
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3666 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4208-L4215 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-476


Vulnerability ID : CVE-2023-45682

First published on : 21-10-2023 00:15:09
Last modified on : 21-10-2023 08:33:34

Description :
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used to leak internal memory allocation information.

CVE ID : CVE-2023-45682
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L1717-L1729 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L1754-L1756 | source : security-advisories@github.com
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3231 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | source : security-advisories@github.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-41893

First published on : 20-10-2023 00:15:16
Last modified on : 20-10-2023 11:27:23

Description :
Home Assistant is an open source home automation platform. The audit team’s analyses confirmed that the `redirect_uri` and `client_id` are alterable when logging in. Consequently, the code parameter utilized to fetch the `access_token` post-authentication will be sent to the URL specified in the aforementioned parameters. Since an arbitrary URL is permitted and `homeassistant.local` represents the preferred, default domain likely used and trusted by many users, an attacker could leverage this weakness to manipulate a user and retrieve account access. Notably, this attack strategy is plausible if the victim has exposed their Home Assistant to the Internet, since after acquiring the victim’s `access_token` the adversary would need to utilize it directly towards the instance to achieve any pertinent malicious actions. To achieve this compromise attempt, the attacker must send a link with a `redirect_uri` that they control to the victim’s own Home Assistant instance. In the eventuality the victim authenticates via said link, the attacker would obtain code sent to the specified URL in `redirect_uri`, which can then be leveraged to fetch an `access_token`. Pertinently, an attacker could increase the efficacy of this strategy by registering a near identical domain to `homeassistant.local`, which at first glance may appear legitimate and thereby obfuscate any malicious intentions. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-41893
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/home-assistant/core/security/advisories/GHSA-qhhj-7hrc-gqj5 | source : security-advisories@github.com
https://www.home-assistant.io/blog/2023/10/19/security-audits-of-home-assistant/ | source : security-advisories@github.com

Vulnerability : CWE-200


Source : vuldb.com

Vulnerability ID : CVE-2023-5683

First published on : 21-10-2023 05:16:07
Last modified on : 21-10-2023 08:33:34

Description :
A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btn_file_renew leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-5683
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/yaphetszz/cve/blob/main/upload.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.243059 | source : cna@vuldb.com
https://vuldb.com/?id.243059 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-5693

First published on : 22-10-2023 23:15:08
Last modified on : 23-10-2023 11:35:01

Description :
A vulnerability was found in CodeAstro Internet Banking System 1.0 and classified as critical. This issue affects some unknown processing of the file pages_reset_pwd.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243131.

CVE ID : CVE-2023-5693
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Internet%20Banking%20System/Internet%20Banking%20System%20-%20vuln%201.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.243131 | source : cna@vuldb.com
https://vuldb.com/?id.243131 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5682

First published on : 20-10-2023 21:15:10
Last modified on : 21-10-2023 08:33:34

Description :
A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/training/record/delete.php. The manipulation of the argument RECORD_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-243058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-5682
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/Godfather-onec/cve/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.243058 | source : cna@vuldb.com
https://vuldb.com/?id.243058 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5700

First published on : 23-10-2023 00:15:08
Last modified on : 23-10-2023 11:35:01

Description :
A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/iscgwtunnel/uploadiscgwrouteconf.php. The manipulation of the argument GWLinkId leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-243138 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-5700
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/istlnight/cve/blob/main/NS-ASG-sql-uploadiscgwrouteconf.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.243138 | source : cna@vuldb.com
https://vuldb.com/?id.243138 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5681

First published on : 20-10-2023 21:15:09
Last modified on : 21-10-2023 08:33:34

Description :
A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_addr_fwresource_ip.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243057 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-5681
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/Wsecpro/cve1/blob/main/NS-ASG-sql-list_addr_fwresource_ip.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.243057 | source : cna@vuldb.com
https://vuldb.com/?id.243057 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5684

First published on : 21-10-2023 07:15:07
Last modified on : 21-10-2023 08:33:34

Description :
A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231012. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /importexport.php. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-5684
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/Chef003/cve/blob/main/rce.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.243061 | source : cna@vuldb.com
https://vuldb.com/?id.243061 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-5701

First published on : 23-10-2023 01:15:07
Last modified on : 23-10-2023 11:35:01

Description :
A vulnerability has been found in vnotex vnote up to 3.17.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Markdown File Handler. The manipulation with the input <xss onclick="alert(1)" style=display:block>Click here</xss> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243139. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-5701
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/victorootnice/victorootnice.github.io/blob/main/2023/bbp-01.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.243139 | source : cna@vuldb.com
https://vuldb.com/?id.243139 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5702

First published on : 23-10-2023 01:15:07
Last modified on : 23-10-2023 11:35:01

Description :
A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-5702
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/GTA12138/vul/blob/main/Viessmann/Vitogate300_Document_Unauthorized_Access.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.243140 | source : cna@vuldb.com
https://vuldb.com/?id.243140 | source : cna@vuldb.com

Vulnerability : CWE-425


Source : hcl.com

Vulnerability ID : CVE-2023-37532

First published on : 23-10-2023 17:15:08
Last modified on : 23-10-2023 18:18:33

Description :
HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system.

CVE ID : CVE-2023-37532
Source : psirt@hcl.com
CVSS Score : 5.8

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108094 | source : psirt@hcl.com


Source : emc.com

Vulnerability ID : CVE-2023-43065

First published on : 23-10-2023 15:15:09
Last modified on : 23-10-2023 16:07:50

Description :
Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges.

CVE ID : CVE-2023-43065
Source : security_alert@emc.com
CVSS Score : 5.5

References :
https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-43074

First published on : 23-10-2023 15:15:09
Last modified on : 23-10-2023 16:07:50

Description :
Dell Unity 5.3 contains an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server.

CVE ID : CVE-2023-43074
Source : security_alert@emc.com
CVSS Score : 5.2

References :
https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-73


Vulnerability ID : CVE-2023-43066

First published on : 23-10-2023 16:15:09
Last modified on : 23-10-2023 18:18:33

Description :
Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands.

CVE ID : CVE-2023-43066
Source : security_alert@emc.com
CVSS Score : 5.1

References :
https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-43067

First published on : 23-10-2023 16:15:09
Last modified on : 23-10-2023 18:18:33

Description :
Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system.

CVE ID : CVE-2023-43067
Source : security_alert@emc.com
CVSS Score : 4.9

References :
https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-611


Source : huntr.dev

Vulnerability ID : CVE-2023-5687

First published on : 20-10-2023 17:15:08
Last modified on : 20-10-2023 17:48:41

Description :
Cross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo prior to 1.0.3.

CVE ID : CVE-2023-5687
Source : security@huntr.dev
CVSS Score : 5.4

References :
https://github.com/mosparo/mosparo/commit/fb3ac528b7548beb802182310967968a21c1354a | source : security@huntr.dev
https://huntr.com/bounties/33f95510-cdee-460e-8e61-107874962f2d | source : security@huntr.dev

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-5690

First published on : 20-10-2023 17:15:09
Last modified on : 20-10-2023 17:48:41

Description :
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2.

CVE ID : CVE-2023-5690
Source : security@huntr.dev
CVSS Score : 5.3

References :
https://github.com/modoboa/modoboa/commit/23e4c25511c66c0548da001236f47e19e3f9e4d9 | source : security@huntr.dev
https://huntr.com/bounties/980c75a5-d978-4b0e-9bcc-2b2682c97e01 | source : security@huntr.dev

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-5686

First published on : 20-10-2023 17:15:08
Last modified on : 20-10-2023 17:48:41

Description :
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.

CVE ID : CVE-2023-5686
Source : security@huntr.dev
CVSS Score : 5.1

References :
https://github.com/radareorg/radare2/commit/1bdda93e348c160c84e30da3637acef26d0348de | source : security@huntr.dev
https://huntr.com/bounties/bbfe1f76-8fa1-4a8c-909d-65b16e970be0 | source : security@huntr.dev

Vulnerability : CWE-122


Source : patchstack.com

Vulnerability ID : CVE-2023-46078

First published on : 21-10-2023 22:15:08
Last modified on : 23-10-2023 11:35:01

Description :
Cross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Serial Numbers plugin <= 1.6.3 versions.

CVE ID : CVE-2023-46078
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/wc-serial-numbers/wordpress-serial-numbers-for-woocommerce-license-manager-plugin-1-6-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-46095

First published on : 22-10-2023 22:15:08
Last modified on : 23-10-2023 11:35:01

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth Scroll Links [SSL] plugin <= 1.1.0 versions.

CVE ID : CVE-2023-46095
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/smooth-scrolling-links-ssl/wordpress-smooth-scroll-links-ssl-plugin-1-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-46067

First published on : 21-10-2023 21:15:08
Last modified on : 23-10-2023 11:35:01

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin <= 1.2.3 versions.

CVE ID : CVE-2023-46067
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/rocket-font/wordpress-rocket-font-plugin-1-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-46085

First published on : 22-10-2023 22:15:08
Last modified on : 23-10-2023 11:35:01

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.2.4 versions.

CVE ID : CVE-2023-46085
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-46089

First published on : 22-10-2023 22:15:08
Last modified on : 23-10-2023 11:35:01

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ Userback Userback plugin <= 1.0.13 versions.

CVE ID : CVE-2023-46089
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/userback/wordpress-userback-plugin-1-0-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Source : snyk.io

Vulnerability ID : CVE-2023-5718

First published on : 23-10-2023 15:15:09
Last modified on : 23-10-2023 16:07:50

Description :
The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard `postMessage()` API. By creating a malicious web page with an iFrame targeting a sensitive resource (i.e. a locally accessible file or sensitive website), and registering a listener on the web page, the extension sent messages back to the listener, containing the base64 encoded screenshot data of the sensitive resource.

CVE ID : CVE-2023-5718
Source : report@snyk.io
CVSS Score : 4.3

References :
https://gist.github.com/CalumHutton/bdb97077a66021ed455f87823cd7c7cb | source : report@snyk.io

Vulnerability : CWE-200


(7) LOW VULNERABILITIES [0.1, 3.9]

Source : github.com

Vulnerability ID : CVE-2023-46122

First published on : 23-10-2023 16:15:09
Last modified on : 23-10-2023 18:18:33

Description :
sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, `IO.unzip` allows writing of arbitrary files. This would have the potential to overwrite `/root/.ssh/authorized_keys`. Within sbt's main code, `IO.unzip` is used in the `pullRemoteCache` task and `Resolvers.remote`; however, many projects use `IO.unzip(...)` directly to implement custom tasks. This vulnerability has been patched in version 1.9.7.

CVE ID : CVE-2023-46122
Source : security-advisories@github.com
CVSS Score : 3.9

References :
https://github.com/sbt/io/commit/124538348db0713c80793cb57b915f97ec13188a | source : security-advisories@github.com
https://github.com/sbt/io/issues/358 | source : security-advisories@github.com
https://github.com/sbt/io/pull/360 | source : security-advisories@github.com
https://github.com/sbt/sbt/security/advisories/GHSA-h9mw-grgx-2fhf | source : security-advisories@github.com

Vulnerability : CWE-22


Source : vuldb.com

Vulnerability ID : CVE-2023-5694

First published on : 22-10-2023 23:15:08
Last modified on : 23-10-2023 11:35:01

Description :
A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been classified as problematic. Affected is an unknown function of the file pages_system_settings.php. The manipulation of the argument sys_name with the input <ScRiPt >alert(991)</ScRiPt> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243132.

CVE ID : CVE-2023-5694
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Internet%20Banking%20System/Internet%20Banking%20System%20-%20vuln%202.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.243132 | source : cna@vuldb.com
https://vuldb.com/?id.243132 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5695

First published on : 22-10-2023 23:15:08
Last modified on : 23-10-2023 11:35:01

Description :
A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file pages_reset_pwd.php. The manipulation of the argument email with the input testing%40example.com'%26%25<ScRiPt%20>alert(9860)</ScRiPt> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243133 was assigned to this vulnerability.

CVE ID : CVE-2023-5695
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Internet%20Banking%20System/Internet%20Banking%20System%20-%20vuln%203.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.243133 | source : cna@vuldb.com
https://vuldb.com/?id.243133 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5696

First published on : 22-10-2023 23:15:08
Last modified on : 23-10-2023 11:35:01

Description :
A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file pages_transfer_money.php. The manipulation of the argument account_number with the input 357146928--><ScRiPt%20>alert(9206)</ScRiPt><!-- leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-243134 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-5696
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Internet%20Banking%20System/Internet%20Banking%20System%20-%20vuln%204.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.243134 | source : cna@vuldb.com
https://vuldb.com/?id.243134 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5697

First published on : 23-10-2023 00:15:08
Last modified on : 23-10-2023 11:35:01

Description :
A vulnerability classified as problematic has been found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_withdraw_money.php. The manipulation of the argument account_number with the input 287359614--><ScRiPt%20>alert(1234)</ScRiPt><!-- leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243135.

CVE ID : CVE-2023-5697
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Internet%20Banking%20System/Internet%20Banking%20System%20-%20vuln%205.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.243135 | source : cna@vuldb.com
https://vuldb.com/?id.243135 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5698

First published on : 23-10-2023 00:15:08
Last modified on : 23-10-2023 11:35:01

Description :
A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. This vulnerability affects unknown code of the file pages_deposit_money.php. The manipulation of the argument account_number with the input 421873905--><ScRiPt%20>alert(9523)</ScRiPt><!-- leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243136.

CVE ID : CVE-2023-5698
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Internet%20Banking%20System/Internet%20Banking%20System%20-%20vuln%206.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.243136 | source : cna@vuldb.com
https://vuldb.com/?id.243136 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5699

First published on : 23-10-2023 00:15:08
Last modified on : 23-10-2023 11:35:01

Description :
A vulnerability, which was classified as problematic, has been found in CodeAstro Internet Banking System 1.0. This issue affects some unknown processing of the file pages_view_client.php. The manipulation of the argument acc_name with the input Johnnie Reyes'"()&%<zzz><ScRiPt >alert(5646)</ScRiPt> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243137 was assigned to this vulnerability.

CVE ID : CVE-2023-5699
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Internet%20Banking%20System/Internet%20Banking%20System%20-%20vuln%207.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.243137 | source : cna@vuldb.com
https://vuldb.com/?id.243137 | source : cna@vuldb.com

Vulnerability : CWE-79


(59) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-39731

First published on : 20-10-2023 00:15:14
Last modified on : 20-10-2023 11:27:23

Description :
The leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.

CVE ID : CVE-2023-39731
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39731.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-45394

First published on : 20-10-2023 04:15:10
Last modified on : 20-10-2023 11:27:23

Description :
Stored Cross-Site Scripting (XSS) vulnerability in the Company field in the "Request a Quote" Section of Small CRM v3.0 allows an attacker to store and execute malicious javascript code in the Admin panel which leads to Admin account takeover.

CVE ID : CVE-2023-45394
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/kartik753/CVE/blob/main/CVE-2023-45394 | source : cve@mitre.org


Vulnerability ID : CVE-2023-45471

First published on : 20-10-2023 04:15:10
Last modified on : 20-10-2023 11:27:23

Description :
The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to, and including, 1.0.0.315 due to insufficient checks on indexes. This makes it possible for unauthenticated attackers to create a new index and inject a malicious web script into its name, that will execute whenever a user accesses the search page.

CVE ID : CVE-2023-45471
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/itsAptx/CVE-2023-45471 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46267

First published on : 20-10-2023 04:15:10
Last modified on : 21-10-2023 21:15:08

Description :
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-5631. Reason: This candidate is a duplicate of CVE-2023-5631. Notes: All CVE users should reference CVE-2023-5631 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE ID : CVE-2023-46267
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2023-46277

First published on : 20-10-2023 05:15:08
Last modified on : 20-10-2023 11:27:23

Description :
please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.)

CVE ID : CVE-2023-46277
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/rustsec/advisory-db/pull/1798 | source : cve@mitre.org
https://gitlab.com/edneville/please/-/issues/13 | source : cve@mitre.org
https://gitlab.com/edneville/please/-/merge_requests/69#note_1594254575 | source : cve@mitre.org
https://rustsec.org/advisories/RUSTSEC-2023-0066.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-40361

First published on : 20-10-2023 06:15:17
Last modified on : 20-10-2023 11:27:19

Description :
SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user.

CVE ID : CVE-2023-40361
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/vianic/CVE-2023-40361/blob/main/advisory/advisory.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-46287

First published on : 20-10-2023 14:15:12
Last modified on : 20-10-2023 17:48:41

Description :
XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php.

CVE ID : CVE-2023-46287
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/NagVis/nagvis/compare/nagvis-1.9.37...nagvis-1.9.38 | source : cve@mitre.org
https://github.com/NagVis/nagvis/pull/356 | source : cve@mitre.org
https://github.com/NagVis/nagvis/pull/356/commits/d660591b23e5cfea4d1be2d3fb8f3855aa6020fb | source : cve@mitre.org


Vulnerability ID : CVE-2023-32785

First published on : 20-10-2023 22:15:10
Last modified on : 21-10-2023 08:33:34

Description :
In Langchain through 0.0.155, prompt injection allows execution of arbitrary code against the SQL service provided by the chain.

CVE ID : CVE-2023-32785
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/rharang/9c58d39db8c01db5b7c888e467c0533f | source : cve@mitre.org


Vulnerability ID : CVE-2023-32786

First published on : 20-10-2023 22:15:10
Last modified on : 21-10-2023 08:33:34

Description :
In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.

CVE ID : CVE-2023-32786
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38191

First published on : 20-10-2023 22:15:10
Last modified on : 21-10-2023 08:33:34

Description :
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows spamtest_external.php XSS via a crafted filename.

CVE ID : CVE-2023-38191
Source : cve@mitre.org
CVSS Score : /

References :
https://herolab.usd.de/security-advisories/ | source : cve@mitre.org
https://herolab.usd.de/security-advisories/usd-2023-0012/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-43353

First published on : 20-10-2023 22:15:10
Last modified on : 21-10-2023 08:33:34

Description :
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.

CVE ID : CVE-2023-43353
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sromanhu/CVE-2023-43353-CMSmadesimple-Stored-XSS---News---Extra | source : cve@mitre.org


Vulnerability ID : CVE-2023-43354

First published on : 20-10-2023 22:15:10
Last modified on : 21-10-2023 08:33:34

Description :
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions - MicroTiny WYSIWYG editor component.

CVE ID : CVE-2023-43354
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sromanhu/CVE-2023-43354-CMSmadesimple-Stored-XSS---MicroTIny-extension | source : cve@mitre.org


Vulnerability ID : CVE-2023-43355

First published on : 20-10-2023 22:15:10
Last modified on : 21-10-2023 08:33:34

Description :
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.

CVE ID : CVE-2023-43355
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sromanhu/CMSmadesimple-Reflected-XSS---Add-user | source : cve@mitre.org
https://github.com/sromanhu/CVE-2023-43355-CMSmadesimple-Reflected-XSS---Add-user | source : cve@mitre.org


Vulnerability ID : CVE-2023-43356

First published on : 20-10-2023 22:15:10
Last modified on : 21-10-2023 08:33:34

Description :
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Metadata parameter in the Global Settings Menu component.

CVE ID : CVE-2023-43356
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sromanhu/CVE-2023-43356-CMSmadesimple-Stored-XSS---Global-Settings | source : cve@mitre.org


Vulnerability ID : CVE-2023-43357

First published on : 20-10-2023 22:15:10
Last modified on : 21-10-2023 08:33:34

Description :
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.

CVE ID : CVE-2023-43357
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sromanhu/CVE-2023-43357-CMSmadesimple-Stored-XSS---Shortcut | source : cve@mitre.org


Vulnerability ID : CVE-2023-43346

First published on : 20-10-2023 23:15:08
Last modified on : 21-10-2023 08:33:34

Description :
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component.

CVE ID : CVE-2023-43346
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sromanhu/CVE-2023-43346-Quick-CMS-Stored-XSS---Languages-Backend | source : cve@mitre.org
https://github.com/sromanhu/Quick-CMS-Stored-XSS---Languages-Backend | source : cve@mitre.org


Vulnerability ID : CVE-2023-38190

First published on : 21-10-2023 01:15:07
Last modified on : 21-10-2023 08:33:34

Description :
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size parameter.

CVE ID : CVE-2023-38190
Source : cve@mitre.org
CVSS Score : /

References :
https://herolab.usd.de/security-advisories/ | source : cve@mitre.org
https://herolab.usd.de/security-advisories/usd-2023-0014/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38192

First published on : 21-10-2023 01:15:07
Last modified on : 21-10-2023 08:33:34

Description :
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows superadmincreate.php XSS via crafted incorrect passwords.

CVE ID : CVE-2023-38192
Source : cve@mitre.org
CVSS Score : /

References :
https://herolab.usd.de/security-advisories/ | source : cve@mitre.org
https://herolab.usd.de/security-advisories/usd-2023-0011/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38193

First published on : 21-10-2023 01:15:08
Last modified on : 21-10-2023 08:33:34

Description :
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line.

CVE ID : CVE-2023-38193
Source : cve@mitre.org
CVSS Score : /

References :
https://herolab.usd.de/en/security-advisories/usd-2023-0015/ | source : cve@mitre.org
https://herolab.usd.de/security-advisories/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-38194

First published on : 21-10-2023 01:15:08
Last modified on : 21-10-2023 08:33:34

Description :
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET parameter.

CVE ID : CVE-2023-38194
Source : cve@mitre.org
CVSS Score : /

References :
https://herolab.usd.de/security-advisories/ | source : cve@mitre.org
https://herolab.usd.de/security-advisories/usd-2023-0013/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46003

First published on : 21-10-2023 01:15:08
Last modified on : 21-10-2023 08:33:34

Description :
I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php.

CVE ID : CVE-2023-46003
Source : cve@mitre.org
CVSS Score : /

References :
https://medium.com/@ray.999/stored-xss-in-i-doit-pro-25-and-below-cve-2023-46003-17fb8d6fe2e9 | source : cve@mitre.org
https://www.i-doit.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46054

First published on : 21-10-2023 07:15:07
Last modified on : 21-10-2023 08:33:34

Description :
Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component.

CVE ID : CVE-2023-46054
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/aaanz/aaanz.github.io/blob/master/XSS.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-46055

First published on : 21-10-2023 07:15:07
Last modified on : 21-10-2023 08:33:34

Description :
An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint.

CVE ID : CVE-2023-46055
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/GroundCTL2MajorTom/eef0d55f5df77cc911d84392acdbf625 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46298

First published on : 22-10-2023 03:15:07
Last modified on : 23-10-2023 11:35:01

Description :
Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.

CVE ID : CVE-2023-46298
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/vercel/next.js/compare/v13.4.20-canary.12...v13.4.20-canary.13 | source : cve@mitre.org
https://github.com/vercel/next.js/issues/45301 | source : cve@mitre.org
https://github.com/vercel/next.js/pull/54732 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46300

First published on : 22-10-2023 04:15:09
Last modified on : 23-10-2023 11:35:01

Description :
iTerm2 before 3.4.20 allows (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration.

CVE ID : CVE-2023-46300
Source : cve@mitre.org
CVSS Score : /

References :
https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce | source : cve@mitre.org
https://github.com/gnachman/iTerm2/commit/ae8192522661c34d1cbe57f6f9ef2ff0a337c2a5 | source : cve@mitre.org
https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009 | source : cve@mitre.org
https://iterm2.com/news.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-46301

First published on : 22-10-2023 04:15:09
Last modified on : 23-10-2023 11:35:01

Description :
iTerm2 before 3.4.20 allows (potentially remote) code execution because of mishandling of certain escape sequences related to upload.

CVE ID : CVE-2023-46301
Source : cve@mitre.org
CVSS Score : /

References :
https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce | source : cve@mitre.org
https://github.com/gnachman/iTerm2/commit/85cbf5ebda472c9ec295887e99c2b6f1b5867f1b | source : cve@mitre.org
https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009 | source : cve@mitre.org
https://iterm2.com/news.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-46303

First published on : 22-10-2023 18:15:08
Last modified on : 23-10-2023 11:35:01

Description :
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.

CVE ID : CVE-2023-46303
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/0x1717/ssrf-via-img | source : cve@mitre.org
https://github.com/kovidgoyal/calibre/compare/v6.18.1...v6.19.0 | source : cve@mitre.org


Vulnerability ID : CVE-2021-46897

First published on : 22-10-2023 19:15:08
Last modified on : 23-10-2023 11:35:01

Description :
views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.

CVE ID : CVE-2021-46897
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/coderedcorp/coderedcms/compare/v0.22.2...v0.22.3 | source : cve@mitre.org
https://github.com/coderedcorp/coderedcms/issues/448 | source : cve@mitre.org
https://github.com/coderedcorp/coderedcms/pull/450 | source : cve@mitre.org


Vulnerability ID : CVE-2021-46898

First published on : 22-10-2023 19:15:08
Last modified on : 23-10-2023 11:35:01

Description :
views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack.

CVE ID : CVE-2021-46898
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sehmaschine/django-grappelli/commit/4ca94bcda0fa2720594506853d85e00c8212968f | source : cve@mitre.org
https://github.com/sehmaschine/django-grappelli/compare/2.15.1...2.15.2 | source : cve@mitre.org
https://github.com/sehmaschine/django-grappelli/issues/975 | source : cve@mitre.org
https://github.com/sehmaschine/django-grappelli/pull/976 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46315

First published on : 22-10-2023 22:15:08
Last modified on : 23-10-2023 11:35:01

Description :
The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-webui (aka Stable Diffusion web UI), if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL, as demonstrated by reading /proc/self/environ to discover credentials.

CVE ID : CVE-2023-46315
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/zanllp/sd-webui-infinite-image-browsing/issues/387 | source : cve@mitre.org
https://github.com/zanllp/sd-webui-infinite-image-browsing/pull/368/commits/977815a2b28ad953c10ef0114c365f698c4b8f19 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46317

First published on : 22-10-2023 23:15:08
Last modified on : 23-10-2023 11:35:01

Description :
Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers.

CVE ID : CVE-2023-46317
Source : cve@mitre.org
CVSS Score : /

References :
https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1448 | source : cve@mitre.org
https://www.knot-resolver.cz/2023-08-22-knot-resolver-5.7.0.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-46319

First published on : 23-10-2023 00:15:08
Last modified on : 23-10-2023 11:35:01

Description :
WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface.

CVE ID : CVE-2023-46319
Source : cve@mitre.org
CVSS Score : /

References :
https://www.wallix.com/support/alerts/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46321

First published on : 23-10-2023 00:15:08
Last modified on : 23-10-2023 11:35:01

Description :
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line.

CVE ID : CVE-2023-46321
Source : cve@mitre.org
CVSS Score : /

References :
https://gitlab.com/gnachman/iterm2/-/commit/de3d351e1bd3bc1c1a4f85fe976c592e497dd071 | source : cve@mitre.org
https://iterm2.com/downloads.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-46322

First published on : 23-10-2023 00:15:08
Last modified on : 23-10-2023 11:35:01

Description :
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period.

CVE ID : CVE-2023-46322
Source : cve@mitre.org
CVSS Score : /

References :
https://gitlab.com/gnachman/iterm2/-/commit/ef7bb84520013b2524df9787d4aa9f2c96746c01 | source : cve@mitre.org
https://iterm2.com/downloads.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-46324

First published on : 23-10-2023 01:15:07
Last modified on : 23-10-2023 11:35:01

Description :
pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its private key and the attacker's public key.

CVE ID : CVE-2023-46324
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/free5gc/udm/compare/v1.1.1...v1.2.0 | source : cve@mitre.org
https://github.com/free5gc/udm/pull/20 | source : cve@mitre.org


Vulnerability ID : CVE-2023-42295

First published on : 23-10-2023 15:15:09
Last modified on : 23-10-2023 16:07:50

Description :
An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c

CVE ID : CVE-2023-42295
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/OpenImageIO/oiio/issues/3947 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46332

First published on : 23-10-2023 16:15:09
Last modified on : 23-10-2023 18:18:33

Description :
WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which leads to a segmentation fault.

CVE ID : CVE-2023-46332
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/WebAssembly/wabt/issues/2311 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46331

First published on : 23-10-2023 17:15:08
Last modified on : 23-10-2023 18:18:33

Description :
WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in DataSegment::IsValidRange(), which leads to a segmentation fault.

CVE ID : CVE-2023-46331
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/WebAssembly/wabt/issues/2310 | source : cve@mitre.org


Vulnerability ID : CVE-2023-27148

First published on : 23-10-2023 20:15:08
Last modified on : 23-10-2023 20:15:08

Description :
A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter.

CVE ID : CVE-2023-27148
Source : cve@mitre.org
CVSS Score : /

References :
https://www.esecforte.com/cve-2023-27148-osticket_xss/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-27149

First published on : 23-10-2023 20:15:08
Last modified on : 23-10-2023 20:15:08

Description :
A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list.

CVE ID : CVE-2023-27149
Source : cve@mitre.org
CVSS Score : /

References :
https://www.esecforte.com/cve-2023-27149-osticket_xss/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46602

First published on : 23-10-2023 20:15:09
Last modified on : 23-10-2023 20:15:09

Description :
In International Color Consortium DemoIccMAX 79ecb74, there is a stack-based buffer overflow in the icFixXml function in IccXML/IccLibXML/IccUtilXml.cpp in libIccXML.a.

CVE ID : CVE-2023-46602
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/InternationalColorConsortium/DemoIccMAX/pull/53 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46603

First published on : 23-10-2023 20:15:09
Last modified on : 23-10-2023 20:15:09

Description :
In International Color Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in libSampleICC.a.

CVE ID : CVE-2023-46603
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/InternationalColorConsortium/DemoIccMAX/pull/53 | source : cve@mitre.org


Vulnerability ID : CVE-2023-27152

First published on : 23-10-2023 21:15:08
Last modified on : 23-10-2023 21:15:08

Description :
DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication.

CVE ID : CVE-2023-27152
Source : cve@mitre.org
CVSS Score : /

References :
https://www.esecforte.com/cve-2023-27152-opnsense-brute-force/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-37635

First published on : 23-10-2023 21:15:08
Last modified on : 23-10-2023 21:15:08

Description :
UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application.

CVE ID : CVE-2023-37635
Source : cve@mitre.org
CVSS Score : /

References :
https://www.esecforte.com/cve-2023-37635-login-bruteforce/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-37636

First published on : 23-10-2023 21:15:08
Last modified on : 23-10-2023 21:15:08

Description :
A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket.

CVE ID : CVE-2023-37636
Source : cve@mitre.org
CVSS Score : /

References :
https://www.esecforte.com/cve-2023-37636-stored-cross-site-scripting/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-45966

First published on : 23-10-2023 21:15:08
Last modified on : 23-10-2023 21:15:08

Description :
umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability.

CVE ID : CVE-2023-45966
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/jet-pentest/CVE-2023-45966 | source : cve@mitre.org
https://github.com/umputun/remark42/issues/1677 | source : cve@mitre.org


Source : wordfence.com

Vulnerability ID : CVE-2023-5646

First published on : 20-10-2023 02:15:08
Last modified on : 23-10-2023 14:15:10

Description :
** REJECT ** it is a duplicate

CVE ID : CVE-2023-5646
Source : security@wordfence.com
CVSS Score : /

References :


Vulnerability ID : CVE-2023-5647

First published on : 20-10-2023 02:15:08
Last modified on : 23-10-2023 14:15:10

Description :
** REJECT ** it is a duplicate

CVE ID : CVE-2023-5647
Source : security@wordfence.com
CVSS Score : /

References :


Vulnerability ID : CVE-2023-5655

First published on : 20-10-2023 02:15:08
Last modified on : 23-10-2023 14:15:10

Description :
** REJECT ** it is a duplicate

CVE ID : CVE-2023-5655
Source : security@wordfence.com
CVSS Score : /

References :


Vulnerability ID : CVE-2022-4531

First published on : 20-10-2023 03:15:08
Last modified on : 20-10-2023 03:15:08

Description :
** REJECT ** Not a valid vulnerability.

CVE ID : CVE-2022-4531
Source : security@wordfence.com
CVSS Score : /

References :


Vulnerability ID : CVE-2023-5656

First published on : 20-10-2023 08:15:13
Last modified on : 23-10-2023 14:15:10

Description :
** REJECT ** it is a duplicate

CVE ID : CVE-2023-5656
Source : security@wordfence.com
CVSS Score : /

References :


Source : vmware.com

Vulnerability ID : CVE-2023-34051

First published on : 20-10-2023 05:15:07
Last modified on : 20-10-2023 11:27:23

Description :
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

CVE ID : CVE-2023-34051
Source : security@vmware.com
CVSS Score : /

References :
https://www.vmware.com/security/advisories/VMSA-2023-0021.html | source : security@vmware.com


Vulnerability ID : CVE-2023-34052

First published on : 20-10-2023 05:15:08
Last modified on : 20-10-2023 11:27:23

Description :
VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass.

CVE ID : CVE-2023-34052
Source : security@vmware.com
CVSS Score : /

References :
https://www.vmware.com/security/advisories/VMSA-2023-0021.html | source : security@vmware.com


Source : apache.org

Vulnerability ID : CVE-2023-44483

First published on : 20-10-2023 10:15:12
Last modified on : 20-10-2023 15:15:12

Description :
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.

CVE ID : CVE-2023-44483
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/10/20/5 | source : security@apache.org
https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55 | source : security@apache.org

Vulnerability : CWE-532


Vulnerability ID : CVE-2023-31122

First published on : 23-10-2023 07:15:11
Last modified on : 23-10-2023 11:35:01

Description :
Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57.

CVE ID : CVE-2023-31122
Source : security@apache.org
CVSS Score : /

References :
https://httpd.apache.org/security/vulnerabilities_24.html | source : security@apache.org

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-43622

First published on : 23-10-2023 07:15:11
Last modified on : 23-10-2023 11:35:01

Description :
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connections are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue.

CVE ID : CVE-2023-43622
Source : security@apache.org
CVSS Score : /

References :
https://httpd.apache.org/security/vulnerabilities_24.html | source : security@apache.org

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-45802

First published on : 23-10-2023 07:15:11
Last modified on : 23-10-2023 11:35:01

Description :
When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue.

CVE ID : CVE-2023-45802
Source : security@apache.org
CVSS Score : /

References :
https://httpd.apache.org/security/vulnerabilities_24.html | source : security@apache.org

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-46288

First published on : 23-10-2023 19:15:11
Last modified on : 23-10-2023 19:15:11

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuration even when the expose_config option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set expose_config to non-sensitive-only configuration. This is a different error than CVE-2023-45348, which allows an authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2). Users are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes CVE-2023-45348.

CVE ID : CVE-2023-46288
Source : security@apache.org
CVSS Score : /

References :
https://github.com/apache/airflow/pull/32261 | source : security@apache.org
https://lists.apache.org/thread/yw4vzm0c5lqkwm0bxv6qy03yfd1od4nw | source : security@apache.org

Vulnerability : CWE-200


Source : jpcert.or.jp

Vulnerability ID : CVE-2023-43624

First published on : 23-10-2023 05:15:07
Last modified on : 23-10-2023 11:35:01

Description :
CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper restriction of XML external entity reference (XXE) vulnerability. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Designer is installed may be disclosed.

CVE ID : CVE-2023-43624
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/vu/JVNVU98683567/ | source : vultures@jpcert.or.jp
https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-011_en.pdf | source : vultures@jpcert.or.jp


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.
