Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22263 | 2023-03-22 | N/A | 3.5 LOW | ||
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2023-22262 | 2023-03-22 | N/A | 3.5 LOW | ||
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2023-22261 | 2023-03-22 | N/A | 3.5 LOW | ||
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2023-22260 | 2023-03-22 | N/A | 3.5 LOW | ||
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2023-22259 | 2023-03-22 | N/A | 3.5 LOW | ||
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2023-22258 | 2023-03-22 | N/A | 3.5 LOW | ||
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2023-22257 | 2023-03-22 | N/A | 3.5 LOW | ||
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2023-22256 | 2023-03-22 | N/A | 3.5 LOW | ||
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2023-22254 | 2023-03-22 | N/A | 5.4 MEDIUM | ||
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2023-22253 | 2023-03-22 | N/A | 5.4 MEDIUM | ||
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2023-22252 | 2023-03-22 | N/A | 5.4 MEDIUM | ||
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2023-21616 | 2023-03-22 | N/A | 5.4 MEDIUM | ||
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2023-21615 | 2023-03-22 | N/A | 5.4 MEDIUM | ||
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2023-0464 | 2023-03-22 | N/A | N/A | ||
| A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. | |||||
| CVE-2023-1429 | 1 Pimcore | 1 Pimcore | 2023-03-22 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19. | |||||
| CVE-2022-1278 | 1 Redhat | 8 Amq, Amq Online, Integration Camel K and 5 more | 2023-03-22 | N/A | 7.5 HIGH |
| A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain. | |||||
| CVE-2023-27059 | 1 Churchcrm | 1 Churchcrm | 2023-03-22 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field. | |||||
| CVE-2023-0100 | 1 Eclipse | 1 Business Intelligence And Reporting Tools | 2023-03-22 | N/A | 8.8 HIGH |
| In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter (e.g. __report=http://xyz.com/report.rptdesign). If the host indicated in the __report parameter matched the HTTP Host header value, the report would be retrieved. However, the Host header can be tampered with on some configurations where no virtual hosts are put in place (e.g. in the default configuration of Apache Tomcat) or when the default host points to the BIRT server. This vulnerability was patched on Eclipse BIRT 4.13. | |||||
| CVE-2023-27711 | 1 Typecho | 1 Typecho | 2023-03-22 | N/A | 4.8 MEDIUM |
| Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via the Comment Manager /admin/manage-comments.php component. | |||||
| CVE-2023-27131 | 1 Typecho | 1 Typecho | 2023-03-22 | N/A | 4.8 MEDIUM |
| Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code viathe Post Editorparameter. | |||||