Primary Vendor - Product: adobe - experience manager. Description: Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in the configuration if any.
1.3.1 contains a partial fix, which limits the vulnerability to HTTP/HTTPS protocols.
Exploitation of the vulnerability is possible for an authorized user.
Impact of the vulnerability: execution of arbitrary JavaScript code in the attacked user's browser.
A reflection cross-site scripting vulnerability was discovered in version 1.2.25.
Security recommendations stress it should be placed behind a company firewall or VPN. This vulnerability only affects users within the same organisation.
The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited.
A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure.
A stored Cross-Site Scripting vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7.
The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations.
Primary Vendor - Product: ibm - aix. Description: IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service.
Primary Vendor - Product: moxa - iologik e1200 series. Description: A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior.
Primary Vendor - Product: netapp - ontap. Description: ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion.
Snowflake recently received a report about a vulnerability in the Snowflake Connector.
The vulnerability affects versions between 2.0.25 and 2.1.4.
Primary Vendor - Product: softnext - mail sqr expert. Description: Softnext Mail SQR Expert is an email management platform. It has a Local File Inclusion vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with.
Primary Vendor - Product: sourcecodester - simple image stack website. Description: A vulnerability was found in SourceCodester Simple Image Stack Website 1.0.
Primary Vendor - Product: tcpreplay - tcpreplay. Description: Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.
Published: 2023-12-15. CVSS Score: 4.3. Source & Patch Info: CVE-2023-6835 ed10eef1-636d-4fbe-9993-6890dfa878f8. Primary Vendor - Product: wso2 - multiple products. Description: A reflected XSS vulnerability can be exploited by tampering with a request parameter in the Authentication Endpoint.
This Cyber News was published on www.cisa.gov. Publication date: Tue, 26 Dec 2023 22:13:05 +0000