Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
XSS
Serendipity
NVD
GitHub
CVSS 3.0
5.4
EPSS
0.2%
An issue was discovered in Sprecher Automation SPRECON-E Service Program before 3.43 SP0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
Privilege Escalation
Sprecon E Service Program
NVD
CVSS 3.0
7.5
EPSS
0.5%