CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30453
https://notcve.org/view.php?id=CVE-2023-30453
The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent XSS via the message parameter. • https://marketplace.atlassian.com/apps/1217030/reminder-for-jira-follow-up-issues?tab=overview&hosting=cloud https://y-security.de/news-en/reminder-for-jira-cross-site-scripting-cve-2023-30453/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39876
https://notcve.org/view.php?id=CVE-2022-39876
Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI. Una inserción de información confidencial en el registro en PushRegIdUpdateClient de SReminder versiones anteriores a 8.2.01.13, permite a un atacante acceder al IMEI del dispositivo • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-23433
https://notcve.org/view.php?id=CVE-2022-23433
Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely. Una vulnerabilidad de control de acceso inapropiado en Reminder versiones anteriores a 12.3.01.3000 en Android S(12), versiones 12.2.05.6000 en Android R(11) y versiones 11.6.08.6000 en Android Q(10), permite a atacantes registrar recordatorios o ejecutar actividades esporádicas de forma remota • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2 • CWE-284: Improper Access Control •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22285
https://notcve.org/view.php?id=CVE-2022-22285
A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0) allows attackers to execute privileged action by hijacking and modifying the intent. Una vulnerabilidad que usa PendingIntent en Reminder versiones anteriores a 12.2.05.0 en Android R(11.0) y 12.3.02.1000 en Android S(12.0) permite a atacantes ejecutar una acción privilegiada al secuestrar y modificar la intención • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •