CVE-2023-48201
https://notcve.org/view.php?id=CVE-2023-48201
Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1, allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component. • https://mechaneus.github.io/CVE-2023-48201.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-23620 – IBM Merge Healthcare eFilm Workstation SYSTEM Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-23620
A local, authenticated attacker can exploit this vulnerability to escalate privileges to SYSTEM. • https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-system-privilege-escalation • CWE-269: Improper Privilege Management •
CVE-2024-22922
https://notcve.org/view.php?id=CVE-2024-22922
An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php Un problema en Projectworlds Vistor Management System en PHP v.1.0 permite a un atacante remoto escalar privilegios a través de un script manipulado a la página de inicio de sesión en POST/index.php • https://github.com/keru6k/CVE-2024-22922 http://projectworlds.com http://visitor.com https://github.com/keru6k/CVE-2024-22922/blob/main/CVE-2024-22922.md • CWE-269: Improper Privilege Management •
CVE-2023-43317
https://notcve.org/view.php?id=CVE-2023-43317
An issue in Coign CRM Portal v.06.06 allows a remote attacker to escalate privileges via the userPermissionsList parameter in Session Storage component. • https://github.com/amjadali-110/CVE-2023-43317 •
CVE-2023-50274 – Hewlett Packard Enterprise OneView startUpgradeCommon Command Injection Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-50274
HPE OneView may allow command injection with local privilege escalation. ... This vulnerability allows local attackers to escalate privileges code on affected installations of Hewlett Packard Enterprise OneView. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04586en_us • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •