Security Vulnerabilities - CVEs Published In August 2019
django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline.
CVSS Score: 6.1 | EPSS Score: 0.01 | Published: 2019-08-23

DfE School Experience before v16333-GA has XSS via a teacher training URL.
CVSS Score: 6.1 | EPSS Score: 0.009 | Published: 2019-08-23

Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.
CVSS Score: 6.1 | EPSS Score: 0.009 | Published: 2019-08-23

openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21.
CVSS Score: 9.8 | EPSS Score: 0.017 | Published: 2019-08-23

openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21.
CVSS Score: 8.8 | EPSS Score: 0.006 | Published: 2019-08-23

openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21.
CVSS Score: 6.1 | EPSS Score: 0.008 | Published: 2019-08-23

openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21.
CVSS Score: 7.5 | EPSS Score: 0.012 | Published: 2019-08-23

openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21.
CVSS Score: 9.8 | EPSS Score: 0.015 | Published: 2019-08-23

The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers.
CVSS Score: 5.3 | EPSS Score: 0.023 | Published: 2019-08-23

Former before 4.2.1 has XSS via a checkbox value.
CVSS Score: 6.1 | EPSS Score: 0.009 | Published: 2019-08-23

