CVE

CVE-2023-50563: Cms_Vuls_test/Semcms/Semcms_Sql_Inject.md at main · SecBridge/Cms_Vuls_test

Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php.

CVE-2023-50566: EyouCMS-V1.6.5-UTF8-SP1 has a stored XSS vulnerability · Issue #56 · weng-xianhu/eyoucms

A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter.

CVE-2023-50073: EmpireCMS v7.5 SetEnews.php has sql injection vulnerability · Issue #7 · leadscloud/EmpireCMS

EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php.

CVE-2023-50565: Multiple stored XSS vulnerabilities in rpcms 3.5.5 · Issue #7 · ralap-z/rpcms

A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE-2023-6572: Source repository compromise via github actions workflow in gradio

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository gradio-app/gradio prior to main.

CVE-2023-6545: VDE-2023-067 | CERT@VDE

The package authelia-bhf included in Beckhoff's TwinCAT/BSD is prone to an open redirect that allows a remote unprivileged attacker to redirect a user to another site. This may have limited impact to integrity and solely affects authelia-bhf, the Beckhoff fork of authelia.

CVE-2023-5592: VDE-2023-054 | CERT@VDE

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity.

CVE-2023-50368: WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Shortcodes and extra features for Phlox theme allows Stored XSS. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.2.

CVE-2023-50370: WordPress Livemesh Addons for WPBakery Page Builder plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh WPBakery Page Builder Addons by Livemesh allows Stored XSS. This issue affects WPBakery Page Builder Addons by Livemesh: from n/a through 3.5.

CVE-2023-50369: WordPress Alma plugin <= 5.1.3 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alma Alma – Pay in installments or later for WooCommerce allows Stored XSS. This issue affects Alma – Pay in installments or later for WooCommerce: from n/a through 5.1.3.