CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4662 – RCE in Saphira Connect
https://notcve.org/view.php?id=CVE-2023-4662
Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion.This issue affects Saphira Connect: before 9. Vulnerabilidad de Ejecución con Privilegios Innecesarios en Saphira Saphira Connect permite la Inclusión de Código Remota. Este problema afecta a Saphira Connect: antes de la versión 9. • https://www.usom.gov.tr/bildirim/tr-23-0535 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4661 – SQLi in Saphira Connect
https://notcve.org/view.php?id=CVE-2023-4661
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection.This issue affects Saphira Connect: before 9. Neutralización Inadecuada de Elementos Especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en Saphira Saphira Connect permite la inyección SQL. Este problema afecta a Saphira Connect: antes de la versión 9. • https://www.usom.gov.tr/bildirim/tr-23-0535 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29305 – Adobe Connect Reflected Cross-Site Scripting (XSS) Arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-29305
Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Las versiones 12.3 y anteriores de Adobe Connect se ven afectadas por una vulnerabilidad Cross-Site Scripting (XSS) Reflejada. Si un atacante puede convencer a una víctima para que visite una URL que haga referencia a una página vulnerable, se puede ejecutar contenido JavaScript malicioso dentro del contexto del navegador de la víctima. • https://helpx.adobe.com/security/products/connect/apsb23-33.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29306 – Adobe Connect Reflected Cross-Site Scripting (XSS) Arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-29306
Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Las versiones 12.3 y anteriores de Adobe Connect se ven afectadas por una vulnerabilidad Cross-Site Scripting (XSS) Reflejada. Si un atacante puede convencer a una víctima para que visite una URL que haga referencia a una página vulnerable, se puede ejecutar contenido JavaScript malicioso dentro del contexto del navegador de la víctima. • https://helpx.adobe.com/security/products/connect/apsb23-33.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4901
https://notcve.org/view.php?id=CVE-2022-4901
Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20230301-scc-csrf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •