NVD disclosure day

Published threat advisories for October 19, 2023

CVE advisoryCRITICAL

CVE-2023-45992

RUCKUS Cloudpath Persistent XSS and CSRF Vulnerability Enables Privilege Escalation.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in the RUCKUS Cloudpath web interface may allow an unauthenticated attacker to execute persistent cross-site scripting and cross-site request forgery attacks. Successful exploitation could lead to an attacker gaining full administrative privileges on the system. Confirming if this technology is in use a

CVE advisoryCRITICAL

CVE-2022-37830

WebJET CMS Cross-Site Scripting Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A cross-site scripting vulnerability exists in WebJET CMS, potentially allowing attackers to inject malicious scripts into web pages. This could lead to unauthorized actions or the theft of sensitive information if users interact with affected systems. The primary concern is to identify if your organization uses this s