CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-51063
https://notcve.org/view.php?id=CVE-2023-51063
QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting (XSS) vulnerability within the component qnme-ajax?method=tree_level. Se descubrió que QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0, contiene una vulnerabilidad de scross site scripting (XSS) reflejado basada en DOM dentro del componente qnme-ajax?method=tree_level. • https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51063.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-51070
https://notcve.org/view.php?id=CVE-2023-51070
An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server. Un problema de control de acceso en QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 permite a atacantes no autenticados ajustar arbitrariamente configuraciones SMB confidenciales en el servidor QStar. • https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51070.md • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-51068
https://notcve.org/view.php?id=CVE-2023-51068
An authenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link. Una vulnerabilidad de cross site scripting (XSS) reflejado autenticada en QStar Archive Solutions Release RELEASE_3-0 Build 7 permite a los atacantes ejecutar javascript arbitrario en el navegador de una víctima a través de un enlace manipulado. • https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51068.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-51067
https://notcve.org/view.php?id=CVE-2023-51067
An unauthenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link. Una vulnerabilidad de cross site scripting (XSS) reflejado no autenticada en QStar Archive Solutions Release RELEASE_3-0 Build 7 permite a los atacantes ejecutar javascript arbitrario en el navegador de una víctima a través de un enlace manipulado. • https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51067.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •