Security
Headlines

CVE-2023-4112

A vulnerability was found in PHP Jabbers Shuttle Booking Software 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-235959. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-4113

A vulnerability was found in PHP Jabbers Service Booking Script 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235960. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-4124

Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1.

CVE-2023-4126

Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0.

CVE-2023-4127: refactor(votes): refactor user vote repo · answerdev/answer@47661dc

Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1.

CVE-2023-4111

A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index/pickup_id leads to cross site scripting. The attack may be launched remotely. VDB-235958 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-4125: fix(password): password can't contains space. · answerdev/answer@7d23b17

Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0.

CVE-2023-37679: NextGen Healthcare

A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.

CVE-2023-39144: It Just Did It For Me Time Capture

Element55 KnowMore appliances version 21 and older were discovered to store passwords in plaintext.

CVE-2023-37364: WS Inc. | Home

In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity resolution. This allows context-dependent attackers to read arbitrary files or cause a denial of service, a similar issue to CVE-2013-4152.