3 matches found
GHSA-293Q-567P-WMWQ Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates
In Spring Security Web, SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user...
PT-2024-34907 · Unknown · Firework Shoppable Live Video
Name of the Vulnerable Software and Affected Versions: Firework Shoppable Live Video versions n/a through 6.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS attacks...
CVE-2023-27557
IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM...