v.26.4.2314

Medium Severity Vulnerabilities

Found 8734 vulnerabilities at Medium severity.

Vulnerability Name

CVE

CWE

Severity

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-34626)

CVE-2023-34626

CWE-138

Medium

Chamilo Other Vulnerability (CVE-2023-34958)

CVE-2023-34958

-

Medium

Chamilo Server-Side Request Forgery (SSRF) Vulnerability (CVE-2023-34959)

CVE-2023-34959

CWE-918

Medium

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-34961)

CVE-2023-34961

CWE-707

Medium

Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-35029)

CVE-2023-35029

CWE-601

Medium

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-35131)

CVE-2023-35131

CWE-707

Medium

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-35132)

CVE-2023-35132

CWE-138

Medium

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-35153)

CVE-2023-35153

CWE-707

Medium

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-35155)

CVE-2023-35155

CWE-707

Medium

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-35156)

CVE-2023-35156

CWE-707

Medium

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-35157)

CVE-2023-35157

CWE-707

Medium

XWiki Improper Neutralization of Alternate XSS Syntax Vulnerability (CVE-2023-35158)

CVE-2023-35158

CWE-707

Medium

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-35159)

CVE-2023-35159

CWE-707

Medium

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-35160)

CVE-2023-35160

CWE-707

Medium

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-35161)

CVE-2023-35161

CWE-707

Medium

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-35162)

CVE-2023-35162

CWE-707

Medium

Envoy Proxy Use After Free Vulnerability (CVE-2023-35942)

CVE-2023-35942

CWE-416

Medium

Envoy Proxy Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-35944)

CVE-2023-35944

-

Medium

e107 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-36121)

CVE-2023-36121

CWE-707

Medium

Sqlite CVE-2023-36191 Vulnerability (CVE-2023-36191)

CVE-2023-36191

-

Medium

Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-36259)

CVE-2023-36259

CWE-707

Medium

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-36477)

CVE-2023-36477

CWE-707

Medium

Jetty Improper Neutralization of Quoting Syntax Vulnerability (CVE-2023-36479)

CVE-2023-36479

CWE-149

Medium

MediaWiki CVE-2023-36674 Vulnerability (CVE-2023-36674)

CVE-2023-36674

-

Medium

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-36675)

CVE-2023-36675

CWE-707

Medium

Microsoft SQL Server CVE-2023-36728 Vulnerability (CVE-2023-36728)

CVE-2023-36728

-

Medium

Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-36806)

CVE-2023-36806

CWE-707

Medium

SharePoint CVE-2023-36890 Vulnerability (CVE-2023-36890)

CVE-2023-36890

-

Medium

SharePoint CVE-2023-36894 Vulnerability (CVE-2023-36894)

CVE-2023-36894

-

Medium

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37061)

CVE-2023-37061

CWE-707

Medium

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37062)

CVE-2023-37062

CWE-707

Medium

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37063)

CVE-2023-37063

CWE-707

Medium

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37064)

CVE-2023-37064

CWE-707

Medium

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37065)

CVE-2023-37065

CWE-707

Medium

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37066)

CVE-2023-37066

CWE-707

Medium

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37067)

CVE-2023-37067

CWE-707

Medium

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37251)

CVE-2023-37251

CWE-707

Medium

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37254)

CVE-2023-37254

CWE-707

Medium

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37255)

CVE-2023-37255

CWE-707

Medium

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37256)

CVE-2023-37256

CWE-707

Medium

MediaWiki Other Vulnerability (CVE-2023-37300)

CVE-2023-37300

-

Medium

MediaWiki CVE-2023-37301 Vulnerability (CVE-2023-37301)

CVE-2023-37301

-

Medium

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37302)

CVE-2023-37302

CWE-707

Medium

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37304)

CVE-2023-37304

CWE-707

Medium

MediaWiki CVE-2023-37305 Vulnerability (CVE-2023-37305)

CVE-2023-37305

-

Medium

XWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-37911)

CVE-2023-37911

CWE-668

Medium

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37940)

CVE-2023-37940

CWE-707

Medium

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37940)

CVE-2023-37940

CWE-707

Medium

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-38000)

CVE-2023-38000

CWE-707

Medium

ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-38040)

CVE-2023-38040

CWE-707

Medium

SharePoint CVE-2023-38177 Vulnerability (CVE-2023-38177)

CVE-2023-38177

-

Medium

IBM WebSEAL Incorrect Authorization Vulnerability (CVE-2023-38368)

CVE-2023-38368

CWE-863

Medium

IBM WebSEAL Incorrect Default Permissions Vulnerability (CVE-2023-38370)

CVE-2023-38370

CWE-276

Medium

TYPO3 CVE-2023-38499 Vulnerability (CVE-2023-38499)

CVE-2023-38499

-

Medium

XWiki Transmission of Private Resources into a New Sphere ('Resource Leak') Vulnerability (CVE-2023-38509)

CVE-2023-38509

CWE-402

Medium

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-39151)

CVE-2023-39151

CWE-707

Medium

PostgreSQL CVE-2023-39418 Vulnerability (CVE-2023-39418)

CVE-2023-39418

-

Medium

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-39527)

CVE-2023-39527

CWE-707

Medium

Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-39582)

CVE-2023-39582

CWE-138

Medium

WordPress CVE-2023-39999 Vulnerability (CVE-2023-39999)

CVE-2023-39999

-

Medium

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-3042)

CVE-2023-3042

CWE-707

Medium

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-3193)

CVE-2023-3193

CWE-707

Medium

PHP Use of Insufficiently Random Values Vulnerability (CVE-2023-3247)

CVE-2023-3247

CWE-330

Medium

Liferay Portal Missing Authorization Vulnerability (CVE-2023-3426)

CVE-2023-3426

CWE-862

Medium

OpenSSL Inefficient Regular Expression Complexity Vulnerability (CVE-2023-3446)

CVE-2023-3446

CWE-1333

Medium

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-3469)

CVE-2023-3469

CWE-707

Medium

Jboss EAP Other Vulnerability (CVE-2023-3628)

CVE-2023-3628

-

Medium

Jboss EAP Other Vulnerability (CVE-2023-3629)

CVE-2023-3629

-

Medium

OpenSSL Excessive Iteration Vulnerability (CVE-2023-3817)

CVE-2023-3817

CWE-834

Medium

Wordpress Plugin Backup Migration Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-3977)

CVE-2023-3977

CWE-352

Medium

Omeka Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-3980)

CVE-2023-3980

CWE-707

Medium

Omeka Server-Side Request Forgery (SSRF) Vulnerability (CVE-2023-3981)

CVE-2023-3981

CWE-918

Medium

Omeka Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-3982)

CVE-2023-3982

CWE-707

Medium

WP Plugin Advanced Custom Fields Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-40068)

CVE-2023-40068

CWE-707

Medium

Jetty CVE-2023-40167 Vulnerability (CVE-2023-40167)

CVE-2023-40167

-

Medium