Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-37304 |
|
|
CVE-2023-37302 |
Description: An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute).
CVSS: LOW (0.0) EPSS Score: 0.08%
November 27th, 2024 (6 months ago)
|
|
CVE-2023-37256 |
|
|
CVE-2023-37255 |
Description: An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header.
CVSS: LOW (0.0) EPSS Score: 0.08%
November 27th, 2024 (6 months ago)
|
|
CVE-2023-37251 |
Description: An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs.
CVSS: LOW (0.0) EPSS Score: 0.06%
November 27th, 2024 (6 months ago)
|
|
CVE-2023-37185 |
|
|
CVE-2023-36647 |
Description: A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.
CVSS: LOW (0.0) EPSS Score: 0.1%
November 27th, 2024 (6 months ago)
|
|
CVE-2023-36607 |
Description: The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.
CVSS: LOW (0.0) EPSS Score: 0.05%
November 27th, 2024 (6 months ago)
|
|
CVE-2023-36488 |
|
|
CVE-2023-36487 |
|