Latest vulnerabilities [Saturday, December 30, 2023]

Last update performed on 12/30/2023 at 11:57:05 PM

(0) CRITICAL VULNERABILITIES [9.0, 10.0]

(2) HIGH VULNERABILITIES [7.0, 8.9]

Source : cert.pl

Vulnerability ID : CVE-2023-6998

First published on : 30-12-2023 19:15:08
Last modified on : 30-12-2023 19:15:08

Description :
Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass. This issue affects eWeLink before 5.2.0.

CVE ID : CVE-2023-6998
Source : cvd@cert.pl
CVSS Score : 7.7

References :
https://cert.pl/en/posts/2023/12/CVE-2023-6998/ | source : cvd@cert.pl
https://cert.pl/posts/2023/12/CVE-2023-6998/ | source : cvd@cert.pl
https://ewelink.cc/app/ | source : cvd@cert.pl

Vulnerability : CWE-269


Source : vuldb.com

Vulnerability ID : CVE-2023-7172

First published on : 30-12-2023 09:15:07
Last modified on : 30-12-2023 09:15:07

Description :
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249356.

CVE ID : CVE-2023-7172
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://drive.google.com/file/d/11DHRUjvOF0yV24I4JlZ0X1RE4V-mcood/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.249356 | source : cna@vuldb.com
https://vuldb.com/?id.249356 | source : cna@vuldb.com

Vulnerability : CWE-89


(9) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : vuldb.com

Vulnerability ID : CVE-2023-7180

First published on : 30-12-2023 18:15:40
Last modified on : 30-12-2023 18:15:40

Description :
A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/project/proj/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-249367. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7180
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/Bobjones7/cve/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249367 | source : cna@vuldb.com
https://vuldb.com/?id.249367 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-7175

First published on : 30-12-2023 13:15:16
Last modified on : 30-12-2023 13:15:16

Description :
A vulnerability was found in Campcodes Online College Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/borrow_add.php of the component HTTP POST Request Handler. The manipulation of the argument student leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249362 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-7175
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://medium.com/@heishou/libsystem-sql-injection-bb74915175fe | source : cna@vuldb.com
https://vuldb.com/?ctiid.249362 | source : cna@vuldb.com
https://vuldb.com/?id.249362 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-7176

First published on : 30-12-2023 16:15:45
Last modified on : 30-12-2023 16:15:45

Description :
A vulnerability classified as critical has been found in Campcodes Online College Library System 1.0. This affects an unknown part of the file /admin/return_add.php of the component HTTP POST Request Handler. The manipulation of the argument student leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249363.

CVE ID : CVE-2023-7176
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://medium.com/@heishou/libsystem-foreground-sql-injection-vulnerability-3-d02f0ce78fe3 | source : cna@vuldb.com
https://vuldb.com/?ctiid.249363 | source : cna@vuldb.com
https://vuldb.com/?id.249363 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-7177

First published on : 30-12-2023 16:15:45
Last modified on : 30-12-2023 16:15:45

Description :
A vulnerability classified as critical was found in Campcodes Online College Library System 1.0. This vulnerability affects unknown code of the file /admin/book_add.php of the component HTTP POST Request Handler. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249364.

CVE ID : CVE-2023-7177
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://medium.com/@heishou/libsystem-foreground-sql-injection-vulnerability-4-cadc2983eb5e | source : cna@vuldb.com
https://vuldb.com/?ctiid.249364 | source : cna@vuldb.com
https://vuldb.com/?id.249364 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-7178

First published on : 30-12-2023 17:15:08
Last modified on : 30-12-2023 17:15:08

Description :
A vulnerability, which was classified as critical, has been found in Campcodes Online College Library System 1.0. This issue affects some unknown processing of the file /admin/book_row.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249365 was assigned to this vulnerability.

CVE ID : CVE-2023-7178
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://medium.com/@heishou/libsystem-foreground-sql-injection-vulnerability-5-5a761e5b73b8 | source : cna@vuldb.com
https://vuldb.com/?ctiid.249365 | source : cna@vuldb.com
https://vuldb.com/?id.249365 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-7179

First published on : 30-12-2023 17:15:08
Last modified on : 30-12-2023 17:15:08

Description :
A vulnerability, which was classified as critical, was found in Campcodes Online College Library System 1.0. Affected is an unknown function of the file /admin/category_row.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249366 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-7179
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://medium.com/@heishou/libsystem-foreground-sql-injection-vulnerability-a98949964faf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249366 | source : cna@vuldb.com
https://vuldb.com/?id.249366 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-7181

First published on : 30-12-2023 18:15:41
Last modified on : 30-12-2023 18:15:41

Description :
A vulnerability was found in Muyun DedeBIZ up to 6.2.12 and classified as critical. Affected by this issue is some unknown functionality of the component Add Attachment Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249368. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7181
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/JTZ-a/SRC/blob/master/DedeBIZ/DedeBIZ%20-%20file%20upload/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249368 | source : cna@vuldb.com
https://vuldb.com/?id.249368 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2018-25096

First published on : 30-12-2023 10:15:08
Last modified on : 30-12-2023 10:15:08

Description :
A vulnerability was found in MdAlAmin-aol Own Health Record 0.1-alpha/0.2-alpha/0.3-alpha/0.3.1-alpha. It has been rated as problematic. This issue affects some unknown processing of the file includes/logout.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 0.4-alpha is able to address this issue. The patch is named 58b413aa40820b49070782c786c526850ab7748f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-249191.

CVE ID : CVE-2018-25096
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/MdAlAmin-aol/ownhealthrecord/commit/58b413aa40820b49070782c786c526850ab7748f | source : cna@vuldb.com
https://github.com/MdAlAmin-aol/ownhealthrecord/releases/tag/v0.4-alpha | source : cna@vuldb.com
https://vuldb.com/?ctiid.249191 | source : cna@vuldb.com
https://vuldb.com/?id.249191 | source : cna@vuldb.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-7173

First published on : 30-12-2023 12:15:44
Last modified on : 30-12-2023 12:15:44

Description :
A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file registration.php. The manipulation of the argument First Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249357 was assigned to this vulnerability.

CVE ID : CVE-2023-7173
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://drive.google.com/file/d/1Mqs0mmxxmKLrFLHekPke5bZnzMHvnrFm/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.249357 | source : cna@vuldb.com
https://vuldb.com/?id.249357 | source : cna@vuldb.com

Vulnerability : CWE-79


(0) LOW VULNERABILITIES [0.1, 3.9]

(22) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-50559

First published on : 30-12-2023 00:15:19
Last modified on : 30-12-2023 00:15:19

Description :
An issue was discovered in XiangShan v2.1, allows local attackers to obtain sensitive information via the L1D cache.

CVE ID : CVE-2023-50559
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/nieeka/5edb552e7cf62cdb18decd9c4292d429 | source : cve@mitre.org
https://github.com/OpenXiangShan/XiangShan/issues/2534 | source : cve@mitre.org


Vulnerability ID : CVE-2023-41542

First published on : 30-12-2023 02:15:08
Last modified on : 30-12-2023 02:15:08

Description :
SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component.

CVE ID : CVE-2023-41542
Source : cve@mitre.org
CVSS Score : /

References :
https://pho3n1x-web.github.io/2023/09/15/CVE-2023-41542%28JeecgBoot_sql%29/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-41543

First published on : 30-12-2023 02:15:08
Last modified on : 30-12-2023 02:15:08

Description :
SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check.

CVE ID : CVE-2023-41543
Source : cve@mitre.org
CVSS Score : /

References :
https://mp.weixin.qq.com/s/q6R-kaN4XS5d_cgWtq46vw | source : cve@mitre.org
https://pho3n1x-web.github.io/2023/09/18/CVE-2023-41543%28JeecgBoot_sql%29/ | source : cve@mitre.org


Vulnerability ID : CVE-2022-46486

First published on : 30-12-2023 03:15:08
Last modified on : 30-12-2023 03:15:08

Description :
A lack of pointer-validation logic in the __scone_dispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information.

CVE ID : CVE-2022-46486
Source : cve@mitre.org
CVSS Score : /

References :
https://jovanbulck.github.io/files/ccs19-tale.pdf | source : cve@mitre.org
https://jovanbulck.github.io/files/oakland24-pandora.pdf | source : cve@mitre.org
https://sconedocs.github.io/release5.7/ | source : cve@mitre.org


Vulnerability ID : CVE-2022-46487

First published on : 30-12-2023 03:15:08
Last modified on : 30-12-2023 03:15:08

Description :
Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis.

CVE ID : CVE-2022-46487
Source : cve@mitre.org
CVSS Score : /

References :
https://jovanbulck.github.io/files/acsac20-fpu.pdf | source : cve@mitre.org
https://jovanbulck.github.io/files/oakland24-pandora.pdf | source : cve@mitre.org
https://nvd.nist.gov/vuln/detail/CVE-2020-0561#vulnCurrentDescriptionTitle | source : cve@mitre.org
https://nvd.nist.gov/vuln/detail/CVE-2020-15107 | source : cve@mitre.org
https://sconedocs.github.io/release5.7/ | source : cve@mitre.org
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/data-operand-independent-timing-isa-guidance.html#inpage-nav-3-3 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38021

First published on : 30-12-2023 03:15:08
Last modified on : 30-12-2023 03:15:08

Description :
An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system call layer.

CVE ID : CVE-2023-38021
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openenclave/openenclave/security/advisories/GHSA-v3vm-9h66-wm76 | source : cve@mitre.org
https://jovanbulck.github.io/files/oakland24-pandora.pdf | source : cve@mitre.org
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/stale-data-read-from-xapic.html | source : cve@mitre.org
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#inpage-nav-3-2-2 | source : cve@mitre.org
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-38022

First published on : 30-12-2023 03:15:08
Last modified on : 30-12-2023 03:15:08

Description :
An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user.

CVE ID : CVE-2023-38022
Source : cve@mitre.org
CVSS Score : /

References :
https://jovanbulck.github.io/files/ccs19-tale.pdf | source : cve@mitre.org
https://jovanbulck.github.io/files/oakland24-pandora.pdf | source : cve@mitre.org


Vulnerability ID : CVE-2023-38023

First published on : 30-12-2023 03:15:08
Last modified on : 30-12-2023 03:15:08

Description :
An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC Leak."

CVE ID : CVE-2023-38023
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openenclave/openenclave/security/advisories/GHSA-v3vm-9h66-wm76 | source : cve@mitre.org
https://jovanbulck.github.io/files/oakland24-pandora.pdf | source : cve@mitre.org
https://sconedocs.github.io/release5.7/ | source : cve@mitre.org
https://sconedocs.github.io/release5.8/ | source : cve@mitre.org
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/stale-data-read-from-xapic.html | source : cve@mitre.org
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#inpage-nav-3-2-2 | source : cve@mitre.org
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-41544

First published on : 30-12-2023 04:15:08
Last modified on : 30-12-2023 04:15:08

Description :
SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component.

CVE ID : CVE-2023-41544
Source : cve@mitre.org
CVSS Score : /

References :
https://pho3n1x-web.github.io/2023/09/18/CVE-2023-41544%28JeecgBoot_SSTI%29/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-52252

First published on : 30-12-2023 06:15:43
Last modified on : 30-12-2023 06:15:43

Description :
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint.

CVE ID : CVE-2023-52252
Source : cve@mitre.org
CVSS Score : /

References :
https://harkenzo.tlstickle.com/2023-03-17-UR-Web-Triggerable-RCE/ | source : cve@mitre.org
https://www.exploit-db.com/exploits/51309 | source : cve@mitre.org


Vulnerability ID : CVE-2023-52257

First published on : 30-12-2023 08:15:07
Last modified on : 30-12-2023 08:15:07

Description :
LogoBee 0.2 allows updates.php?id= XSS.

CVE ID : CVE-2023-52257
Source : cve@mitre.org
CVSS Score : /

References :
https://packetstormsecurity.com/files/174815 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50550

First published on : 30-12-2023 16:15:44
Last modified on : 30-12-2023 16:15:44

Description :
layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter.

CVE ID : CVE-2023-50550
Source : cve@mitre.org
CVSS Score : /

References :
https://gitee.com/layui/layui/issues?utf8=%E2%9C%93&state=all&issue_search=xss | source : cve@mitre.org


Vulnerability ID : CVE-2023-50578

First published on : 30-12-2023 16:15:44
Last modified on : 30-12-2023 16:15:44

Description :
Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do.

CVE ID : CVE-2023-50578
Source : cve@mitre.org
CVSS Score : /

References :
https://gitee.com/mingSoft/MCMS/issues/I8MAJK | source : cve@mitre.org


Vulnerability ID : CVE-2023-51133

First published on : 30-12-2023 16:15:44
Last modified on : 30-12-2023 16:15:44

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute.

CVE ID : CVE-2023-51133
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/26/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51135

First published on : 30-12-2023 16:15:44
Last modified on : 30-12-2023 16:15:44

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup.

CVE ID : CVE-2023-51135
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/29/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51136

First published on : 30-12-2023 16:15:44
Last modified on : 30-12-2023 16:15:44

Description :
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule.

CVE ID : CVE-2023-51136
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/28/1.md | source : cve@mitre.org
https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50110

First published on : 30-12-2023 17:15:07
Last modified on : 30-12-2023 17:15:07

Description :
TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used.

CVE ID : CVE-2023-50110
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/TestLinkOpenSourceTRMS/testlink-code/pull/357 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50589

First published on : 30-12-2023 17:15:08
Last modified on : 30-12-2023 17:15:08

Description :
Grupo Embras GEOSIAP ERP v2.2.167.02 was discovered to contain a SQL injection vulnerability via the codLogin parameter on the login page.

CVE ID : CVE-2023-50589
Source : cve@mitre.org
CVSS Score : /

References :
https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html | source : cve@mitre.org
https://github.com/VauP/CVE-IDs/blob/main/proof_of_concept.md | source : cve@mitre.org
https://owasp.org/www-community/attacks/SQL_Injection | source : cve@mitre.org


Vulnerability ID : CVE-2023-50651

First published on : 30-12-2023 17:15:08
Last modified on : 30-12-2023 17:15:08

Description :
TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi.

CVE ID : CVE-2023-50651
Source : cve@mitre.org
CVSS Score : /

References :
http://totolink.com | source : cve@mitre.org
https://palm-jump-676.notion.site/X6000R-sub_4119A0-11-b35b4ca36ce84e07afff85c98414d293 | source : cve@mitre.org


Vulnerability ID : CVE-2023-52262

First published on : 30-12-2023 19:15:08
Last modified on : 30-12-2023 19:15:08

Description :
outdoorbits little-backup-box (aka Little Backup Box) before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input.

CVE ID : CVE-2023-52262
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/outdoorbits/little-backup-box/commit/f39f91cd05544b3eb18b59897c765d6ba9313faa | source : cve@mitre.org
https://www.php.net/manual/en/function.extract | source : cve@mitre.org


Vulnerability ID : CVE-2023-52263

First published on : 30-12-2023 19:15:08
Last modified on : 30-12-2023 19:15:08

Description :
Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc.

CVE ID : CVE-2023-52263
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/brave/brave-browser/issues/32449 | source : cve@mitre.org
https://github.com/brave/brave-browser/issues/32473 | source : cve@mitre.org
https://github.com/brave/brave-core/pull/19820 | source : cve@mitre.org
https://github.com/brave/brave-core/pull/19820/commits/9da202f7f4bc80b6975909b684bbc0764a31c4e9 | source : cve@mitre.org


Source : apache.org

Vulnerability ID : CVE-2023-49299

First published on : 30-12-2023 17:15:07
Last modified on : 30-12-2023 17:15:07

Description :
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue affects Apache DolphinScheduler: until 3.1.9. Users are recommended to upgrade to version 3.1.9, which fixes the issue.

CVE ID : CVE-2023-49299
Source : security@apache.org
CVSS Score : /

References :
https://github.com/apache/dolphinscheduler/pull/15228 | source : security@apache.org
https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm | source : security@apache.org

Vulnerability : CWE-20


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks
