CVE-2023-47258

Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter.

Source: CVE-2023-47258

CVE-2023-47259

Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter.

Source: CVE-2023-47259

CVE-2023-47260

Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails.

Source: CVE-2023-47260

CVE-2023-46981

SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list.

Source: CVE-2023-46981

CVE-2023-46964

Cross Site Scripting (XSS) vulnerability in Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 allows a remote attacker to execute arbitrary code via the use front-end filtering instead of back-end filtering.

Source: CVE-2023-46964

CVE-2023-47249

In International Color Consortium DemoIccMAX 79ecb74, a CIccXmlArrayType:::ParseText function (for unsigned short) in IccUtilXml.cpp in libIccXML.a has an out-of-bounds read.

Source: CVE-2023-47249

CVE-2023-46382

LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login.

Source: CVE-2023-46382

CVE-2023-46963

An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function.

Source: CVE-2023-46963

CVE-2023-46381

LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.

Source: CVE-2023-46381

CVE-2023-40922

kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent().

Source: CVE-2023-40922