11 matches found
CVE-2023-45144
com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request is vulnerable to cross site scripting XSS and XWiki syntax...
Adobe Substance 3D Sampler 3.0.4 Multiple Vulnerabilities (apsb24-81)
The version of Adobe Substance 3D Sampler installed on the remote host is prior to 3.0.4. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb24-81 advisory. - Substance3D - Stager versions 3.0.3 and earlier are affected by a Use After Free vulnerability that could...
CVE-2024-45144 Substance3D - Stager | Out-of-bounds Write (CWE-787)
Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2024-45144 Substance3D - Stager | Out-of-bounds Write (CWE-787)
Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2023-45144
creationtimestamp| type| source ---|---|--- 2023-10-17 00:32:12+00:00| seen| https://t.me/cibsecurity/72345...
CVE-2023-45144 Remote code execution from login screen through unescaped URL parameter in OAuth Identity XWiki App
com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request is vulnerable to cross site scripting XSS and XWiki syntax...
CVE-2023-45144 Remote code execution from login screen through unescaped URL parameter in OAuth Identity XWiki App
com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request is vulnerable to cross site scripting XSS and XWiki syntax...
CVE-2023-45144
The CVE concerns com.xwiki.identity-oauth:identity-oauth-ui used for OAuth-based identity providers. When logging in via OAuth, the identityOAuth GET parameter is vulnerable to XSS and XWiki syntax injection, enabling remote code execution via the groovy macro and impacting confidentiality, integ...
CVE-2022-45144
creationtimestamp| type| source ---|---|--- 2023-05-17 07:30:59+00:00| seen| https://t.me/cibsecurity/64288...
CVE-2022-45144
Algoo Tracim before 4.4.2 allows XSS via HTML file upload...
CVE-2022-45144
Algoo Tracim before 4.4.2 allows XSS via HTML file upload...