CVE-2022-48138
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-26829. Reason: This candidate is a reservation duplicate of CVE-2023-26829. Notes: All CVE users should reference CVE-2023-26829 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Source: CVE-2022-48138
CVE-2023-23956
A user can supply malicious HTML and JavaScript code that will be executed in the client browser
Source: CVE-2023-23956
CVE-2023-31186
Avaya IX Workforce Engagement v15.2.7.1195 – User Enumeration – Observable Response Discrepancy
Source: CVE-2023-31186
CVE-2023-33178
Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `/dataset/data/{id}` API route inside the CMS starting in version 1.4.0 and prior to versions 2.3.17 and 3.3.5. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values in to the `filter` parameter. Values allowed in the filter parameter are checked against a deny list of commands that should not be allowed, however this checking was done in a case sensitive manor and so it is possible to bypass these checks by using unusual case combinations. Users should upgrade to version 2.3.17 or 3.3.5, which fix this issue. There are no workarounds aside from upgrading.
Source: CVE-2023-33178
CVE-2023-29732
SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the application is opened. Depending on how the data is used, this can result in various attack consequences, such as ad display exceptions.
Source: CVE-2023-29732
CVE-2023-29731
SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a large amount of data into any SharedPreference file, which will be loaded into memory when the application is opened. When an attacker injects too much data, the application will trigger an OOM error and crash at startup, resulting in a persistent denial of service.
Source: CVE-2023-29731
CVE-2023-29734
An issue found in edjing Mix v.7.09.01 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the database.
Source: CVE-2023-29734
CVE-2023-29733
The Lock Master app 2.2.4 for Android allows unauthorized apps to modify the values in its SharedPreference files. These files hold data that affects many app functions. Malicious modifications by unauthorized apps can cause security issues, such as functionality manipulation, resulting in a severe escalation of privilege attack.
Source: CVE-2023-29733
CVE-2023-31187
Avaya IX Workforce Engagement v15.2.7.1195 – CWE-522: Insufficiently Protected Credentials
Source: CVE-2023-31187