Security Vulnerabilities - CVEs Published In July 2023
Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post.
CVSS Score
5.4
EPSS Score
0.0
Published
2023-07-31
Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-07-31
Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-07-31
CVE-2023-37580
Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
Known exploited
CVSS Score
6.1
EPSS Score
0.939
Published
2023-07-31
Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php.
CVSS Score
9.8
EPSS Score
0.048
Published
2023-07-31
In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-07-31
Issue summary: Checking excessively long DH keys or parameters may be very slow.
Impact summary: Applications that use the functions DH_check(), DH_check_ex()
or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long
delays. Where the key or parameters that are being checked have been obtained
from an untrusted source this may lead to a Denial of Service.
The function DH_check() performs various checks on DH parameters. After fixing
CVE-2023-3446 it was discovered that a large q parameter value can also trigger
an overly long computation during some of these checks. A correct q value,
if present, cannot be larger than the modulus p parameter, thus it is
unnecessary to perform these checks if q is larger than p.
An application that calls DH_check() and supplies a key or parameters obtained
from an untrusted source could be vulnerable to a Denial of Service attack.
The function DH_check() is itself called by a number of other OpenSSL functions.
An application calling any of those other functions may similarly be affected.
The other functions affected by this are DH_check_ex() and
EVP_PKEY_param_check().
Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications
when using the "-check" option.
The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
CVSS Score
5.3
EPSS Score
0.003
Published
2023-07-31
Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-07-31
Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS).
CVSS Score
5.4
EPSS Score
0.001
Published
2023-07-31
An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-07-31