CVE-2023-24394
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions.
Source: CVE-2023-24394
CVE-2023-4478
Mattermost fails to restrict which parameters' values it takes from the request during signup, allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.
Source: CVE-2023-4478
CVE-2023-25981
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form plugin <= 2.8.1 versions.
Source: CVE-2023-25981
CVE-2023-25649
There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.
Source: CVE-2023-25649
CVE-2023-3425
Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows an unauthenticated user to read a restricted amount of bytes from memory.
Source: CVE-2023-3425
CVE-2023-32576
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.18 versions.
Source: CVE-2023-32576
CVE-2023-32577
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eji Osigwe DevBuddy Twitter Feed plugin <= 4.0.0 versions.
Source: CVE-2023-32577
CVE-2023-32584
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in John Newcombe eBecas plugin <= 3.1.3 versions.
Source: CVE-2023-32584
CVE-2023-32591
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cloud Primero B.V DBargain plugin <= 3.0.0 versions.
Source: CVE-2023-32591
CVE-2023-3406
Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows an authenticated user to read some restricted files on the web server.
Source: CVE-2023-3406