3 results (0.004 seconds)

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-23949

https://notcve.org/view.php?id=CVE-2023-23949

24 Jan 2023 — An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. Un usuario autenticado puede proporcionar código HTML y JavaScript malicioso que se ejecutará en el navegador del cliente. • https://support.broadcom.com/external/content/SecurityAdvisories/0/21174 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-23951

https://notcve.org/view.php?id=CVE-2023-23951

24 Jan 2023 — Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application Capacidad de enumerar los atributos LDAP de Oracle para el usuario actual modificando la consulta utilizada por la aplicación. • https://support.broadcom.com/external/content/SecurityAdvisories/0/21174 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-23950

https://notcve.org/view.php?id=CVE-2023-23950

24 Jan 2023 — User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. La entrada proporcionada por el usuario (normalmente una secuencia CRLF) se puede utilizar para dividir una respuesta devuelta en dos respuestas. • https://support.broadcom.com/external/content/SecurityAdvisories/0/21174 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •