>> ARCHIVE: 2023-03

BoxBilling versions 4.22.1.55 and below suffer from a remote code execution vulnerability.

Subrion CMS version 4.2.1 suffers from a persistent cross site scripting vulnerability.

X-Skipper-Proxy version 0.13.237 suffers from a server-side request forgery vulnerability.

Label Studio versions 1.5.0 and below suffer from a server-side request forgery vulnerability.

OPSWAT Metadefender Core version 4.21.1 suffers from a privilege escalation vulnerability.

Tunnel Interface Driver suffers from a denial of service vulnerability.

Moodle LMS version 4.0 suffers from a cross site scripting vulnerability.

Hashicorp Consul version 1.0 suffers from a remote command execution vulnerability.

This Metasploit module exploits an undocumented backdoor vulnerability in the Optergy Proton and Enterprise Building Management System (BMS) applications. Versions 2.0.3a and below are vulnerable. Attackers can exploit this issue…

ReQlogic version 11.3 suffers from a cross site scripting vulnerability.