• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2023-23951

February 22, 2023 by godfreyd94

Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application

CVE-2023-24026

February 22, 2023 by godfreyd94

In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload.

CVE-2023-24027

February 22, 2023 by godfreyd94

In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.

CVE-2023-24065

February 22, 2023 by godfreyd94

NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name (of a physician, assistant, or billing user) can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for health charting.

CVE-2023-24070

February 22, 2023 by godfreyd94

app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.

CVE-2023-24086

February 22, 2023 by godfreyd94

SLIMS v9.5.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /customs/loan_by_class.php?reportView.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 2180
  • Go to page 2181
  • Go to page 2182
  • Go to page 2183
  • Go to page 2184
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE