CVE-2023-36488
ILIAS 7.21 allows stored Cross Site Scripting (XSS).
Source: CVE-2023-36488
[월:] 2023년 06월
CVE-2023-37256
CVE-2023-37256
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs.
Source: CVE-2023-37256
CVE-2023-37255
CVE-2023-37255
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header.
Source: CVE-2023-37255
CVE-2023-37254
CVE-2023-37254
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format.
Source: CVE-2023-37254
CVE-2023-37251
CVE-2023-37251
An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs.
Source: CVE-2023-37251
CVE-2023-35830
CVE-2023-35830
STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and DeploymentPackage_v3.04r2-Jellyfish and TCG-4lite Connectivity Module DeploymentPackage_v3.04r2-Jellyfish allow an attacker to gain full remote access with root privileges without the need for authentication, giving an attacker arbitrary remote code execution over LTE / 4G network via SMS.
Source: CVE-2023-35830
CVE-2023-33277
CVE-2023-33277
The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL.
Source: CVE-2023-33277
CVE-2023-31222
CVE-2023-31222
Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic’s Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetration via network connectivity.
Source: CVE-2023-31222
CVE-2023-26616
CVE-2023-26616
D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo.
Source: CVE-2023-26616
CVE-2023-26613
CVE-2023-26613
An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted get request to excu_shel.
Source: CVE-2023-26613