Stored XSS vulnerability (CVE-2023-5118) has been found in Kofax Capture software.

A vulnerability has been found in the TCExam open source software (CVE-2023-6554).

An open redirect vulnerability has been found in the TasmoAdmin open source software (CVE-2023-6552).

CERT Poland has received a report about a SQL injection vulnerability in the PrestaShop Google Integrator software and assigned it the number CVE-2023-6921.

Stored XSS vulnerability has been found in class.upload.php open source library (CVE-2023-6551).

Artemis is an open-source security vulnerability scanner developed by CERT PL. It is built to look for website misconfigurations and vulnerabilities on a large number of sites. It automatically prepares reports that can be sent to the affected institutions. Thanks to its modular architecture, it can be used to combine the results of various other tools in a single dashboard.

CERT Poland has received a report about a vulnerability in the CoolKit Technology eWeLink mobile application (Android & iOS) and assigned it the number CVE-2023-6998.

Stored XSS vulnerability has been found in SmodBIP and MegaBIP software (CVE-2023-5378).

CERT Polska, Polish Military Counterintelligence Service (SKW), and external partners assess Russian Foreign Intelligence Service (SVR) cyber actors, also known as APT 29, the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard, are exploiting CVE-2023-42793 at a large scale.

Reflected XSS vulnerability (CVE-2023-4932) has been found in SAS 9.4 software.