‼ CVE-2023-5898 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
‼ CVE-2023-47097 ‼
via "National Vulnerability Database".
An issue was discovered in Virtualmin 7.7. The Server Templates feature under System Settings allows XSS.
‼ CVE-2023-5891 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
‼ CVE-2023-5895 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
‼ CVE-2023-5897 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocale prior to 1.2.0-1.
‼ CVE-2023-46278 ‼
via "National Vulnerability Database".
Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication.
‼ CVE-2023-5896 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4.
‼ CVE-2023-2621 ‼
via "National Vulnerability Database".
The McFeeder server (distributed as part of SSW package) is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An authenticated malicious client can exploit this vulnerability by uploading a crafted ZIP archive via the network to McFeeder’s service endpoint.
‼ CVE-2023-5514 ‼
via "National Vulnerability Database".
The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure.
‼ CVE-2023-47099 ‼
via "National Vulnerability Database".
An issue was discovered in Virtualmin 7.7. The Create Virtual Server functionality allows XSS attacks against anyone who accesses the Virtual Server Summary tab.
‼ CVE-2023-47096 ‼
via "National Vulnerability Database".
An issue was discovered in Virtualmin 7.7. The Cloudmin Services Client under System Settings allows XSS.
‼ CVE-2023-5889 ‼
via "National Vulnerability Database".
Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
‼ CVE-2023-47095 ‼
via "National Vulnerability Database".
An issue was discovered in Virtualmin 7.7. The Custom Fields feature of Edit Virtual Server under System Customization allows XSS.
‼ CVE-2023-5893 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
‼ CVE-2023-5894 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior to 3.3.0-16.
‼ CVE-2023-47094 ‼
via "National Vulnerability Database".
An issue was discovered in Virtualmin 7.7. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Account Plans tab of System Settings via the Plan Name field. Whenever the module is accessed, the XSS payload is executed.
‼ CVE-2023-5516 ‼
via "National Vulnerability Database".
Poorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version info, endpoints, backend server, internal IP, etc., which can potentially expose additional attack surface containing other interesting vulnerabilities.
🦿 TechRepublic Premium Editorial Calendar: Policies, Checklists, Hiring Kits and Glossaries for Download 🦿
via "Tech Republic".
TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.
‼ CVE-2023-4198 ‼
via "National Vulnerability Database".
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data.
‼ CVE-2023-4197 ‼
via "National Vulnerability Database".
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
‼ CVE-2023-42636 ‼
via "National Vulnerability Database".
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed.