Security Vulnerabilities - CVEs Published In April 2024
Survey Maker prior to 3.6.4 contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product with the administrative privilege.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2024-04-03
Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edition Version v.5.3.32+220817 allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2024-04-03
Server Side Request Forgery (SSRF) vulnerability in Gleez Cms 1.2.0 allows remote attackers to execute arbitrary code and obtain sensitive information via modules/gleez/classes/request.php.
CVSS Score: 9.4 | EPSS Score: 0.025 | Published: 2024-04-03
SQL Injection vulnerability in PHPGurukul Men Salon Management System v.2.0 allows remote attackers to execute arbitrary code and obtain sensitive information via the email parameter in the index.php component.
CVSS Score: 9.8 | EPSS Score: 0.133 | Published: 2024-04-03
An issue in WUZHICMS version 4.1.0 allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2024-04-03
Arbitrary file write vulnerability in beescms v.4.0 allows a remote attacker to execute arbitrary code via a file path that is not isolated and a suffix that is not verified in admin_template.php.
CVSS Score: 9.8 | EPSS Score: 0.041 | Published: 2024-04-03
The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have a CSRF check in its bulk actions, which could allow attackers to make logged-in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks.
CVSS Score: 6.8 | EPSS Score: 0.002 | Published: 2024-04-03
SQL injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the lgid parameter in Banner.php.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2024-04-03
SQL injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in Banner.php.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2024-04-03
An issue in SEMCMS v.4.8 allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file.
CVSS Score: 9.8 | EPSS Score: 0.039 | Published: 2024-04-03

