CVE-2023-48244

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request.

CVE-2023-48256

The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request.

CVE-2023-48255

The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log.

CVE-2023-48254

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request.

CVE-2023-48242

The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.

CVE-2023-48249

The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users.

CVE-2023-48246

The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.