CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48201
https://notcve.org/view.php?id=CVE-2023-48201
Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1, allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component. • https://mechaneus.github.io/CVE-2023-48201.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23620 – IBM Merge Healthcare eFilm Workstation SYSTEM Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-23620
An improper privilege management vulnerability exists in IBM Merge Healthcare eFilm Workstation. A local, authenticated attacker can exploit this vulnerability to escalate privileges to SYSTEM. ... Un atacante local autenticado puede aprovechar esta vulnerabilidad para escalar privilegios al SISTEMA. • https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-system-privilege-escalation • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-22922
https://notcve.org/view.php?id=CVE-2024-22922
An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php Un problema en Projectworlds Vistor Management System en PHP v.1.0 permite a un atacante remoto escalar privilegios a través de un script manipulado a la página de inicio de sesión en POST/index.php • https://github.com/keru6k/CVE-2024-22922 http://projectworlds.com http://visitor.com https://github.com/keru6k/CVE-2024-22922/blob/main/CVE-2024-22922.md • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43317
https://notcve.org/view.php?id=CVE-2023-43317
An issue in Coign CRM Portal v.06.06 allows a remote attacker to escalate privileges via the userPermissionsList parameter in Session Storage component. • https://github.com/amjadali-110/CVE-2023-43317 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50274 – Hewlett Packard Enterprise OneView startUpgradeCommon Command Injection Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-50274
HPE OneView may allow command injection with local privilege escalation. HPE OneView puede permitir la inyección de comandos con escalada de privilegios local. This vulnerability allows local attackers to escalate privileges code on affected installations of Hewlett Packard Enterprise OneView. An attacker must first obtain the ability to execute low-privileged code on the target system or send an HTTP request to a local service in order to exploit this vulnerability. The specific flaw exists within the startUpgradeCommon method. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04586en_us • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •