CVE-2023-30559
The configuration from the PCU can be modified without authentication using physical connection to the PCU.
Source: CVE-2023-30559
[월:] 2023년 07월
CVE-2023-37785
CVE-2023-37785
A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php.
Source: CVE-2023-37785
CVE-2023-37787
CVE-2023-37787
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php.
Source: CVE-2023-37787
CVE-2023-37786
CVE-2023-37786
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settings[backend], Mail Settings[host], Mail Settings[port] and Mail Settings[auth] parameters of the /admin/configuration.php.
Source: CVE-2023-37786
CVE-2023-37746
CVE-2023-37746
A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of the /admin/contactus.php component.
Source: CVE-2023-37746
CVE-2023-30151
CVE-2023-30151
A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote authenticated users to execute arbitrary SQL commands via the `key` GET parameter.
Source: CVE-2023-30151
CVE-2023-35833
CVE-2023-35833
An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When modifying the URL of the LDAP server configuration from LDAPS to LDAP, the system does not require the password to be (re)entered. This results in exposing cleartext credentials when connecting to a rogue LDAP server.
Source: CVE-2023-35833
CVE-2023-37744
CVE-2023-37744
Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-booking-request.php.
Source: CVE-2023-37744
CVE-2023-37743
CVE-2023-37743
A cross-site scripting (XSS) vulnerability in Teacher Subject Allocation System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search text box.
Source: CVE-2023-37743
CVE-2023-33768
CVE-2023-33768
Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file.
Source: CVE-2023-33768