26 matches found
CVE-2026-23635
Kiteworks Secure Data Forms (PDN) has a vulnerability affecting versions prior to 9.2.1 due to a misconfiguration of security attributes that could lead to Unprotected Transport of Credentials. The issue is documented across CVE-2026-23635 with a CVSSv3.1 base score of 6.5 (Network, High attack v...
CVE-2026-23635 Kiteworks Secure Data Forms has a potential Unprotected Transport of Credentials
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...
CVE-2025-23635
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mobde3net ePermissions epermissions allows Reflected XSS. This issue affects ePermissions: from n/a through <= 1.2...
CVE-2022-23635 vulnerabilities
Vulnerabilities for packages: istio-pilot-agent, istio-operator, istio-pilot-discovery, istio-cni...
CVE-2025-23635 WordPress ePermissions plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mobde3net ePermissions epermissions allows Reflected XSS. This issue affects ePermissions: from n/a through <= 1.2...
CVE-2025-23635
CVE-2025-23635: Reflected Cross-Site Scripting in WordPress ePermissions plugin (versions <= 1.2). The issue arises from improper neutralization of input during web page generation, enabling reflected XSS. Affected product/component: WordPress ePermissions plugin
Oracle WebLogic Server (January 2025 CPU)
The 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2025 CPU advisory. - Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to...
Security Bulletin: There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-23635)
Summary: There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2024-23635. DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker...
Security Bulletin: There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Asset Management (CVE-2024-23635)
Summary: There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Asset Management. Vulnerability Details: CVEID: CVE-2024-23635. DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability...
CVE-2024-23635
creationtimestamp | type | source
---|---|---
2024-02-02 18:22:17+00:00 | seen | https://t.me/ctinow/178208
2024-02-25 11:47:00+00:00 | seen | https://t.me/ctinow/192847
...
cn.acooly:acooly-auth-wechat-authenticator (=5.2.1), cn.herodotus.engine:access-core (>=2.7.2.3 <=3.2.2.1) +834 more potentially affected by CVE-2024-23635 via org.owasp.antisamy:antisamy (>=1.4.3 <=1.7.4)
org.owasp.antisamy:antisamy MAVEN version =1.4.3, =2.7.2.3, =2.7.2.3, =2.7.2.3, =3.1.7.3, =2.7.2.3, =2.7.2.3, =2.7.2.3, =2.7.0.0, =3.1.5.1, =2.7.0.Beta1, =2.7.0.0, =2.7.0.Beta1, =2.7.0.0, =2.7.0.0, =3.2.2.1 and more Source cves: CVE-2024-23635 Source advisory: OSV:GHSA-2MRQ-W8PV-5PVQ...
CVE-2024-23635 AntiSamy malicious input can provoke XSS when preserving comments
AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the...
CVE-2024-23635
CVE-2024-23635 affects AntiSamy prior to version 1.7.5, due to flawed HTML parsing when preserveComments is enabled, enabling potential mutation XSS. The connected IBM advisories confirm the issue and indicate the fix is to upgrade AntiSamy to 1.7.5 or newer. Practical impact is cross-site script...
CVE-2023-23635
creationtimestamp | type | source
---|---|---
2023-02-03 07:25:20+00:00 | seen | https://t.me/cibsecurity/57433
...
CVE-2023-23635
Jellyfin 10.8.x through 10.8.3 is affected by a stored XSS in the name of a collection that can exfiltrate the victim’s access tokens from localStorage. This is documented across multiple sources (NVD, Red Hat, GHSA, OSV, etc.). The vulnerability impact is limited to confidentiality through token...
RHEL 8 : Red Hat OpenShift Service Mesh 2.1.2 (RHSA-2022:1275)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1275 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.2 security update
Red Hat OpenShift Service Mesh 2.1.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...