Security Vulnerabilities - CVEs Published In June 2023
The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python).
CVSS Score
7.5
EPSS Score
0.001
Published
2023-06-12
EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).
CVSS Score
5.4
EPSS Score
0.001
Published
2023-06-12
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GalleryPlugins Video Contest plugin <= 3.2 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-06-12
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= 4.0.1 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-06-12
A vulnerability classified as problematic was found in cchetanonline WP-CopyProtect up to 3.0.0. This vulnerability affects the function CopyProtect_options_page of the file wp-copyprotect.php. The manipulation of the argument CopyProtect_nrc_text leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.1.0 is able to address this issue. The patch is identified as 8b8fe4102886b326330dc1ff06b17313fb10aee5. It is recommended to upgrade the affected component. VDB-231202 is the identifier assigned to this vulnerability.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-06-12
All versions of the package progressbar.js are vulnerable to Prototype Pollution via the function extend() in the file utils.js.
CVSS Score
8.2
EPSS Score
0.001
Published
2023-06-12
In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.
CVSS Score
9.1
EPSS Score
0.337
Published
2023-06-12
The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary.
CVSS Score
5.3
EPSS Score
0.009
Published
2023-06-12
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-24036.
CVSS Score
8.8
EPSS Score
0.021
Published
2023-06-12
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow command injection by authenticated users, aka OSFOURK-23554.
CVSS Score
8.8
EPSS Score
0.019
Published
2023-06-12