16 matches found
CVE-2022-23856
An issue was discovered in Saviynt Enterprise Identity Cloud EIC 5.5 SP2.x. An attacker can enumerate users by changing the id parameter, such as for the ECM/maintenance/forgotpasswordstep1 URI...
AlmaLinux 9 : thunderbird (ALSA-2025:23856)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:23856 advisory. firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 CVE-2025-14333 firefox: Use-after-free in...
Oracle Linux 9 : thunderbird (ELSA-2025-23856)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2025-23856 advisory. 140.6.0-1.0.1 - Fix prefs for new nss Orabug: 37079813 - Add Oracle prefs 140.6.0 - Add OpenELA debranding 140.6.0-1 - Update to 140.6.0 ESR Tenable h...
CVE-2023-23856
creationtimestamp | type | source
---|---|---
2025-03-20 18:20:49+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/8253...
CVE-2025-23856
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Odyno Simple Vertical Timeline simple-vertical-timeline allows DOM-Based XSS. This issue affects Simple Vertical Timeline: from n/a through = 0.1...
CVE-2024-23856
creationtimestamp | type | source
---|---|---
2024-01-26 10:31:25+00:00 | seen | https://t.me/ctinow/174112
2024-02-19 15:26:39+00:00 | seen | https://t.me/ctinow/187748...
CVE-2024-23856 Cross-Site Scripting (XSS) vulnerability in Cups Easy
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemlist.php, in the description parameter. Exploitation of this vulnerability cou...
CVE-2024-23856
CVE-2024-23856 affects Cups Easy (Purchase & Inventory) v1.0, where the description parameter on /cupseasylive/itemlist.php can be exploited through insufficient encoding of user input to trigger a Cross-Site Scripting (XSS) condition. The issue could allow an attacker, via a specially crafted UR...
CVE-2024-23856 Cross-Site Scripting (XSS) vulnerability in Cups Easy
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemlist.php, in the description parameter. Exploitation of this vulnerability cou...
CVE-2023-23856
In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return JSON with the wrong content type in the response header. As a result, a custom application that directly calls the JSP of Web Intelligence DHTML may be vulnerable to XSS attacks. On...
CVE-2023-23856
SAP BusinessObjects Business Intelligence Platform (Web Intelligence UI) version 430 is affected by a cross-site scripting (XSS) vulnerability due to some API responses returning JSON with an incorrect Content-Type header. This specific issue enables a custom application that directly calls the W...
CVE-2022-23856
CVE-2022-23856 affects Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. The issue allows an attacker to enumerate users by manipulating the id parameter in the ECM/maintenance/forgotpasswordstep1 endpoint. The vulnerability arises from improper validation/handling of the id paramete...
CVE-2021-23856
CVE-2021-23856 concerns the Bosch Rexroth IndraMotion MLC web application, where a cross-site scripting vulnerability arises from a lack of proper validation of client-side data by the web interface. This enables reflected XSS, allowing an attacker to potentially execute scripts in a user’s browser...
CVE-2020-23856
Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee...
CVE-2020-23856
CVE-2020-23856 affects GNU cflow version 1.6, where a use-after-free in the function void call(char *name, int line) inside src/parser.c can cause denial of service via the caller->callee pointer. Multiple trusted sources (NVD entry and CNVD/OSV mirrors) confirm the vulnerability’s existence i...
CVE-2020-23856
Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee...