CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33955 – Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited
https://notcve.org/view.php?id=CVE-2023-33955
30 May 2023 — Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. This issue has been patched in version 0.28.0. • https://github.com/minio/console/commit/17e791afb90c9ad27c65f63c6be14f2f6a3a9d60 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-125070 – yanheven console tables.py AvailabilityZonesTable cross site scripting
https://notcve.org/view.php?id=CVE-2014-125070
08 Jan 2023 — A vulnerability has been found in yanheven console and classified as problematic. Affected by this vulnerability is the function get_zone_hosts/AvailabilityZonesTable of the file openstack_dashboard/dashboards/admin/aggregates/tables.py. The manipulation leads to cross site scripting. The attack can be launched remotely. The patch is named ba908ae88d5925f4f6783eb234cc4ea95017472b. • https://github.com/yanheven/console/commit/ba908ae88d5925f4f6783eb234cc4ea95017472b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •