Latest vulnerabilities of Saturday, September 23, 2023


Last update performed on 09/23/2023 at 11:58:02 PM

(0) CRITICAL VULNERABILITIES [9.0, 10.0]

(0) HIGH VULNERABILITIES [7.0, 8.9]

(3) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : wordfence.com

Vulnerability ID : CVE-2023-5125

First published on : 23-09-2023 05:15:31
Last modified on : 23-09-2023 05:15:31

Description :
The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5125
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/formget-contact-form/trunk/index.php?rev=2145639#L504 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/fdd73289-f292-4903-951e-6a89049d39a7?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5134

First published on : 23-09-2023 08:15:10
Last modified on : 23-09-2023 08:15:10

Description :
The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive user meta.

CVE ID : CVE-2023-5134
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/easy-registration-forms/tags/2.1.1/includes/class-user.php#L835 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/562fe11f-36a0-4f23-9eed-50ada7ab2961?source=cve | source : security@wordfence.com

Vulnerability : CWE-200


Source : redhat.com

Vulnerability ID : CVE-2022-3962

First published on : 23-09-2023 20:15:10
Last modified on : 23-09-2023 20:15:10

Description :
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.

CVE ID : CVE-2022-3962
Source : secalert@redhat.com
CVSS Score : 4.3

References :
https://access.redhat.com/errata/RHSA-2023:0542 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2022-3962 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2148661 | source : secalert@redhat.com


(0) LOW VULNERABILITIES [0.1, 3.9]

(4) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-43338

First published on : 23-09-2023 00:15:20
Last modified on : 23-09-2023 03:46:18

Description :
Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input.

CVE ID : CVE-2023-43338
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cesanta/mjs/issues/250 | source : cve@mitre.org


Vulnerability ID : CVE-2023-43468

First published on : 23-09-2023 00:15:20
Last modified on : 23-09-2023 03:46:18

Description :
SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the login.php component.

CVE ID : CVE-2023-43468
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/ae6e361b/30d56c116d9f727b91c418d044f42fd3 | source : cve@mitre.org
https://github.com/ae6e361b/Online-Job-Portal | source : cve@mitre.org
https://www.sourcecodester.com/php/14518/online-job-portal-php-full-source-code-2020.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-43469

First published on : 23-09-2023 00:15:20
Last modified on : 23-09-2023 03:46:18

Description :
SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the ForPass.php component.

CVE ID : CVE-2023-43469
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/ae6e361b/28ffc44d39e406ce1bc627c0c5c3a7de | source : cve@mitre.org
https://github.com/ae6e361b/Online-Job-Portal-Forget | source : cve@mitre.org
https://www.sourcecodester.com/php/14518/online-job-portal-php-full-source-code-2020.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-43470

First published on : 23-09-2023 00:15:20
Last modified on : 23-09-2023 03:46:18

Description :
SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute arbitrary code via the checklogin.php component.

CVE ID : CVE-2023-43470
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/ae6e361b/1ed56fbfbbfd368835b8a8089f8ee64a | source : cve@mitre.org
https://github.com/ae6e361b/Online-Voting-System | source : cve@mitre.org
https://www.sourcecodester.com/php/14690/online-voting-system-phpmysqli-full-source-code.html | source : cve@mitre.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.
