Latest vulnerabilities of Sunday, November 26, 2023


Last update performed on 11/26/2023 at 11:57:23 PM

(0) CRITICAL VULNERABILITIES [9.0, 10.0]

(0) HIGH VULNERABILITIES [7.0, 8.9]

(1) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : vuldb.com

Vulnerability ID : CVE-2023-6296

First published on : 26-11-2023 22:15:06
Last modified on : 26-11-2023 22:15:06

Description :
A vulnerability was found in osCommerce 4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /catalog/compare of the component Instant Message Handler. The manipulation of the argument compare with the input 40dz4iq"><script>alert(1)</script>zohkx leads to cross site scripting. The attack may be launched remotely. VDB-246122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6296
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://vuldb.com/?ctiid.246122 | source : cna@vuldb.com
https://vuldb.com/?id.246122 | source : cna@vuldb.com

Vulnerability : CWE-79


(0) LOW VULNERABILITIES [0.1, 3.9]

(1) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-49312

First published on : 26-11-2023 22:15:06
Last modified on : 26-11-2023 22:15:06

Description :
Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address.

CVE ID : CVE-2023-49312
Source : cve@mitre.org
CVSS Score : /

References :
https://precisionbridge.net/738vulnerability | source : cve@mitre.org
https://processhacker.sourceforge.io/archive/website_v2/features.php | source : cve@mitre.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks
