CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2023-37790 – Clarity PPM 14.3.0.298 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2023-37790
Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function. Se descubrió que Jaspersoft Clarity PPM versión 14.3.0.298 contenía una vulnerabilidad de carga de archivos arbitraria a través de la función de Carga de Imágenes de Perfil. Clarity PPM version 14.3.0.298 suffers from a persistent cross site scripting vulnerability. • https://github.com/kaizensecurity/CVE-2023-37790 https://packetstormsecurity.com/files/173508/Clarity-PPM-14.3.0.298-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-33739
https://notcve.org/view.php?id=CVE-2022-33739
CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system. CA Clarity versiones 15.8 y anteriores y 15.9.0, contienen una vulnerabilidad de análisis XML no seguro que podría permitir a un atacante remoto visualizar potencialmente el contenido de cualquier archivo del sistema • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20645 • CWE-91: XML Injection (aka Blind XPath Injection) •