Latest vulnerabilities of Saturday, September 30, 2023

Last update performed on 09/30/2023 at 11:58:02 PM

(3) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : wordfence.com

Vulnerability ID : CVE-2023-5201

First published on : 30-09-2023 03:15:09
Last modified on : 30-09-2023 03:16:35

Description :
The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the [php] shortcode setting to be enabled on the vulnerable site.

CVE ID : CVE-2023-5201
Source : security@wordfence.com
CVSS Score : 9.9

References :
https://plugins.trac.wordpress.org/browser/thesis-openhook/tags/4.3.0/inc/shortcodes.php#L28 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/thesis-openhook/tags/4.3.1/inc/shortcodes.php?rev=2972840#L24 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/37b9ed0e-5af2-47c1-b2da-8d103e4c31bf?source=cve | source : security@wordfence.com

Vulnerability : CWE-94


Source : huntr.dev

Vulnerability ID : CVE-2023-5316

First published on : 30-09-2023 01:15:39
Last modified on : 30-09-2023 01:57:32

Description :
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

CVE ID : CVE-2023-5316
Source : security@huntr.dev
CVSS Score : 9.1

References :
https://github.com/thorsten/phpmyfaq/commit/332d2e4a83251d406ca58dd11c27c598673aa5fa | source : security@huntr.dev
https://huntr.dev/bounties/f877e65a-e647-457b-b105-7e5c9f58fb43 | source : security@huntr.dev

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5320

First published on : 30-09-2023 01:15:39
Last modified on : 30-09-2023 01:57:32

Description :
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

CVE ID : CVE-2023-5320
Source : security@huntr.dev
CVSS Score : 9.0

References :
https://github.com/thorsten/phpmyfaq/commit/e92369543959772adcdab4f36c837faa27490346 | source : security@huntr.dev
https://huntr.dev/bounties/3a2bc18b-5932-4fb5-a01e-24b2b0443b67 | source : security@huntr.dev

Vulnerability : CWE-79


(18) HIGH VULNERABILITIES [7.0, 8.9]

Source : fluidattacks.com

Vulnerability ID : CVE-2023-43702

First published on : 30-09-2023 02:15:09
Last modified on : 30-09-2023 02:50:07

Description :
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tracking_number" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

CVE ID : CVE-2023-43702
Source : help@fluidattacks.com
CVSS Score : 8.8

References :
https://fluidattacks.com/advisories/bts/ | source : help@fluidattacks.com
https://www.oscommerce.com/ | source : help@fluidattacks.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-43703

First published on : 30-09-2023 02:15:09
Last modified on : 30-09-2023 02:50:07

Description :
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "product_info[][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

CVE ID : CVE-2023-43703
Source : help@fluidattacks.com
CVSS Score : 8.8

References :
https://fluidattacks.com/advisories/bts/ | source : help@fluidattacks.com
https://www.oscommerce.com/ | source : help@fluidattacks.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-43704

First published on : 30-09-2023 02:15:09
Last modified on : 30-09-2023 02:50:07

Description :
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

CVE ID : CVE-2023-43704
Source : help@fluidattacks.com
CVSS Score : 8.8

References :
https://fluidattacks.com/advisories/bts/ | source : help@fluidattacks.com
https://www.oscommerce.com/ | source : help@fluidattacks.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-43705

First published on : 30-09-2023 02:15:09
Last modified on : 30-09-2023 02:50:07

Description :
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "translation_value[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

CVE ID : CVE-2023-43705
Source : help@fluidattacks.com
CVSS Score : 8.8

References :
https://fluidattacks.com/advisories/bts/ | source : help@fluidattacks.com
https://www.oscommerce.com/ | source : help@fluidattacks.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-43706

First published on : 30-09-2023 02:15:09
Last modified on : 30-09-2023 02:50:07

Description :
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "email_templates_key" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

CVE ID : CVE-2023-43706
Source : help@fluidattacks.com
CVSS Score : 8.8

References :
https://fluidattacks.com/advisories/bts/ | source : help@fluidattacks.com
https://www.oscommerce.com/ | source : help@fluidattacks.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-43707

First published on : 30-09-2023 03:15:09
Last modified on : 30-09-2023 03:16:35

Description :
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "CatalogsPageDescriptionForm[1][name] " parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

CVE ID : CVE-2023-43707
Source : help@fluidattacks.com
CVSS Score : 8.8

References :
https://fluidattacks.com/advisories/bts/ | source : help@fluidattacks.com
https://www.oscommerce.com/ | source : help@fluidattacks.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-43708

First published on : 30-09-2023 03:15:09
Last modified on : 30-09-2023 03:16:35

Description :
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

CVE ID : CVE-2023-43708
Source : help@fluidattacks.com
CVSS Score : 8.8

References :
https://fluidattacks.com/advisories/bts/ | source : help@fluidattacks.com
https://www.oscommerce.com/ | source : help@fluidattacks.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-43709

First published on : 30-09-2023 03:15:09
Last modified on : 30-09-2023 03:16:35

Description :
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

CVE ID : CVE-2023-43709
Source : help@fluidattacks.com
CVSS Score : 8.8

References :
https://fluidattacks.com/advisories/bts/ | source : help@fluidattacks.com
https://www.oscommerce.com/ | source : help@fluidattacks.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-43710

First published on : 30-09-2023 03:15:09
Last modified on : 30-09-2023 03:16:35

Description :
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1][MODULE_SHIPPING_PERCENT_TEXT_TITLE]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

CVE ID : CVE-2023-43710
Source : help@fluidattacks.com
CVSS Score : 8.8

References :
https://fluidattacks.com/advisories/bts/ | source : help@fluidattacks.com
https://www.oscommerce.com/ | source : help@fluidattacks.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-43711

First published on : 30-09-2023 03:15:09
Last modified on : 30-09-2023 03:16:35

Description :
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "admin_firstname" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

CVE ID : CVE-2023-43711
Source : help@fluidattacks.com
CVSS Score : 8.8

References :
https://fluidattacks.com/advisories/bts/ | source : help@fluidattacks.com
https://www.oscommerce.com/ | source : help@fluidattacks.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-43712

First published on : 30-09-2023 21:15:09
Last modified on : 30-09-2023 21:15:09

Description :
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "access_levels_name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

CVE ID : CVE-2023-43712
Source : help@fluidattacks.com
CVSS Score : 8.8

References :
https://fluidattacks.com/advisories/bts/ | source : help@fluidattacks.com
https://www.oscommerce.com/ | source : help@fluidattacks.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-43713

First published on : 30-09-2023 21:15:09
Last modified on : 30-09-2023 21:15:09

Description :
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability, which allows attackers to inject JS via the "title" parameter, in the "/admin/admin-menu/add-submit" endpoint, which can lead to unauthorized execution of scripts in a user's web browser.

CVE ID : CVE-2023-43713
Source : help@fluidattacks.com
CVSS Score : 8.8

References :
https://fluidattacks.com/advisories/bts/ | source : help@fluidattacks.com
https://www.oscommerce.com/ | source : help@fluidattacks.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-43714

First published on : 30-09-2023 21:15:10
Last modified on : 30-09-2023 21:15:10

Description :
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "SKIP_CART_PAGE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

CVE ID : CVE-2023-43714
Source : help@fluidattacks.com
CVSS Score : 8.8

References :
https://fluidattacks.com/advisories/bts/ | source : help@fluidattacks.com
https://www.oscommerce.com/ | source : help@fluidattacks.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-43715

First published on : 30-09-2023 21:15:10
Last modified on : 30-09-2023 21:15:10

Description :
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "ENTRY_FIRST_NAME_MIN_LENGTH_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

CVE ID : CVE-2023-43715
Source : help@fluidattacks.com
CVSS Score : 8.8

References :
https://fluidattacks.com/advisories/bts/ | source : help@fluidattacks.com
https://www.oscommerce.com/ | source : help@fluidattacks.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-43716

First published on : 30-09-2023 21:15:10
Last modified on : 30-09-2023 21:15:10

Description :
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MAX_DISPLAY_NEW_PRODUCTS_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

CVE ID : CVE-2023-43716
Source : help@fluidattacks.com
CVSS Score : 8.8

References :
https://fluidattacks.com/advisories/bts/ | source : help@fluidattacks.com
https://www.oscommerce.com/ | source : help@fluidattacks.com

Vulnerability : CWE-79


Source : huntr.dev

Vulnerability ID : CVE-2023-5319

First published on : 30-09-2023 01:15:39
Last modified on : 30-09-2023 01:57:32

Description :
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

CVE ID : CVE-2023-5319
Source : security@huntr.dev
CVSS Score : 8.3

References :
https://github.com/thorsten/phpmyfaq/commit/95ed9b20557ed930d4eed1f3a6db713416f31131 | source : security@huntr.dev
https://huntr.dev/bounties/e2542cbe-41ab-4a90-b6a4-191884c1834d | source : security@huntr.dev

Vulnerability : CWE-79


Source : gitlab.com

Vulnerability ID : CVE-2023-5207

First published on : 30-09-2023 09:15:14
Last modified on : 30-09-2023 09:15:14

Description :
A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user.

CVE ID : CVE-2023-5207
Source : cve@gitlab.com
CVSS Score : 8.2

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/425604 | source : cve@gitlab.com
https://gitlab.com/gitlab-org/gitlab/-/issues/425857 | source : cve@gitlab.com
https://hackerone.com/reports/2174141 | source : cve@gitlab.com

Vulnerability : CWE-284


Source : vuldb.com

Vulnerability ID : CVE-2022-4956

First published on : 30-09-2023 17:15:39
Last modified on : 30-09-2023 17:15:39

Description :
A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 19.7.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-240903.

CVE ID : CVE-2022-4956
Source : cna@vuldb.com
CVSS Score : 7.8

References :
https://heegong.github.io/posts/Advaned-Installer-Local-Privilege-Escalation-Vulnerability/ | source : cna@vuldb.com
https://vuldb.com/?ctiid.240903 | source : cna@vuldb.com
https://vuldb.com/?id.240903 | source : cna@vuldb.com
https://www.advancedinstaller.com/release-19.7.1.html#bugfixes | source : cna@vuldb.com

Vulnerability : CWE-427


(9) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : huntr.dev

Vulnerability ID : CVE-2023-5227

First published on : 30-09-2023 01:15:39
Last modified on : 30-09-2023 01:57:32

Description :
Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

CVE ID : CVE-2023-5227
Source : security@huntr.dev
CVSS Score : 6.5

References :
https://github.com/thorsten/phpmyfaq/commit/abf52487422ce47195c8a80bd904a7af39f60297 | source : security@huntr.dev
https://huntr.dev/bounties/a335c013-db75-4120-872c-42059c7100e8 | source : security@huntr.dev

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-5317

First published on : 30-09-2023 01:15:39
Last modified on : 30-09-2023 01:57:32

Description :
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

CVE ID : CVE-2023-5317
Source : security@huntr.dev
CVSS Score : 6.3

References :
https://github.com/thorsten/phpmyfaq/commit/ec551bdf1566ede1e55f289888c446f877ad9a83 | source : security@huntr.dev
https://huntr.dev/bounties/5e146e7c-60c7-498b-9ffe-fd4cb4ca8c54 | source : security@huntr.dev

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5318

First published on : 30-09-2023 01:15:39
Last modified on : 30-09-2023 01:57:32

Description :
Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.

CVE ID : CVE-2023-5318
Source : security@huntr.dev
CVSS Score : 5.8

References :
https://github.com/microweber/microweber/commit/c48b34dfd6cae7a55b452280d692dc62512574b0 | source : security@huntr.dev
https://huntr.dev/bounties/17826bdd-8136-48ae-afb9-af627cb6fd5d | source : security@huntr.dev

Vulnerability : CWE-798


Vulnerability ID : CVE-2023-5321

First published on : 30-09-2023 14:15:15
Last modified on : 30-09-2023 14:15:15

Description :
Missing Authorization in GitHub repository hamza417/inure prior to build94.

CVE ID : CVE-2023-5321
Source : security@huntr.dev
CVSS Score : 5.1

References :
https://github.com/hamza417/inure/commit/57fda918bfd2fb863f579841a46363fe8e10c29b | source : security@huntr.dev
https://huntr.dev/bounties/b1becc68-e738-458f-bd99-06ee77580d3a | source : security@huntr.dev

Vulnerability : CWE-862


Source : wordfence.com

Vulnerability ID : CVE-2023-5295

First published on : 30-09-2023 03:15:09
Last modified on : 30-09-2023 03:16:35

Description :
The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'vivafbcomment' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5295
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/facebook-comment-by-vivacity/tags/1.4/user-file.php#L172 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/602b3b9c-76a7-4b0b-8aad-e554c2fd6910?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Source : vuldb.com

Vulnerability ID : CVE-2023-5300

First published on : 30-09-2023 10:15:10
Last modified on : 30-09-2023 10:15:10

Description :
A vulnerability classified as critical has been found in TTSPlanning up to 20230925. This affects an unknown part. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240939.

CVE ID : CVE-2023-5300
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/CV3TR4CK/CV3Cyb3R/blob/main/2023/TTSPlanning/TTSPlanning.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.240939 | source : cna@vuldb.com
https://vuldb.com/?id.240939 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5298

First published on : 30-09-2023 06:15:11
Last modified on : 30-09-2023 06:15:11

Description :
A vulnerability was found in Tongda OA 2017. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/hr/recruit/requirements/delete.php. The manipulation of the argument REQUIREMENTS_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240938 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-5298
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/szh0105/cve/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.240938 | source : cna@vuldb.com
https://vuldb.com/?id.240938 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-5313

First published on : 30-09-2023 15:15:10
Last modified on : 30-09-2023 15:15:10

Description :
A vulnerability classified as problematic was found in phpkobo Ajax Poll Script 3.18. Affected by this vulnerability is an unknown functionality of the file ajax-poll.php of the component Poll Handler. The manipulation leads to improper enforcement of a single, unique action. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240949 was assigned to this vulnerability.

CVE ID : CVE-2023-5313
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://github.com/tht1997/WhiteBox/blob/main/PHPKOBO/ajax_pool_script.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.240949 | source : cna@vuldb.com
https://vuldb.com/?id.240949 | source : cna@vuldb.com

Vulnerability : CWE-837


Vulnerability ID : CVE-2023-5301

First published on : 30-09-2023 11:15:15
Last modified on : 30-09-2023 11:15:15

Description :
A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240940.

CVE ID : CVE-2023-5301
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/Lamber-maybe/cve/blob/main/DedeCMS%20V5.7.111%20Remote%20Code%20Execution%20Vulnerability.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.240940 | source : cna@vuldb.com
https://vuldb.com/?id.240940 | source : cna@vuldb.com

Vulnerability : CWE-78


(4) LOW VULNERABILITIES [0.1, 3.9]

Source : vuldb.com

Vulnerability ID : CVE-2023-5302

First published on : 30-09-2023 12:15:09
Last modified on : 30-09-2023 12:15:09

Description :
A vulnerability, which was classified as problematic, has been found in SourceCodester Best Courier Management System 1.0. This issue affects some unknown processing of the component Manage Account Page. The manipulation of the argument First Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240941 was assigned to this vulnerability.

CVE ID : CVE-2023-5302
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/rohit0x5/poc/blob/main/cve_2 | source : cna@vuldb.com
https://vuldb.com/?ctiid.240941 | source : cna@vuldb.com
https://vuldb.com/?id.240941 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5303

First published on : 30-09-2023 14:15:15
Last modified on : 30-09-2023 14:15:15

Description :
A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0. Affected is an unknown function of the file /view-booking-detail.php of the component Account Detail Handler. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. VDB-240942 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-5303
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://vuldb.com/?ctiid.240942 | source : cna@vuldb.com
https://vuldb.com/?id.240942 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5304

First published on : 30-09-2023 15:15:10
Last modified on : 30-09-2023 15:15:10

Description :
A vulnerability has been found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /book-services.php of the component Service Booking. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-240943.

CVE ID : CVE-2023-5304
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://vuldb.com/?ctiid.240943 | source : cna@vuldb.com
https://vuldb.com/?id.240943 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-5305

First published on : 30-09-2023 15:15:10
Last modified on : 30-09-2023 15:15:10

Description :
A vulnerability was found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /mail.php of the component Contact Us Page. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-240944.

CVE ID : CVE-2023-5305
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://vuldb.com/?ctiid.240944 | source : cna@vuldb.com
https://vuldb.com/?id.240944 | source : cna@vuldb.com

Vulnerability : CWE-79


(1) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-44488

First published on : 30-09-2023 20:15:10
Last modified on : 30-09-2023 20:15:10

Description :
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.

CVE ID : CVE-2023-44488
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f | source : cve@mitre.org
https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937 | source : cve@mitre.org
https://github.com/webmproject/libvpx/compare/v1.13.0...v1.13.1 | source : cve@mitre.org
https://github.com/webmproject/libvpx/releases/tag/v1.13.1 | source : cve@mitre.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
