i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
I Doit
NVD
CVSS 3.1
5.4
EPSS
1.2%
An issue was discovered in through SaltStack Salt before 3002.5. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Information Disclosure
Salt
Fedora
Debian Linux
NVD
GitHub
CVSS 3.1
4.4
EPSS
0.5%