CVE-2023-2850

MEDIUM Year: 2023
CVSS v3 Score
4.7
Medium
Weakness Type
CWE-1385
View all →

Vulnerability Description

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker.

Related Vulnerabilities

CVE-2023-2886

MEDIUM
CVSS:4.3(Medium)

Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

CWE-13852023

CVE-2024-8201

MEDIUM
CVSS:5.4(Medium)

Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent component).This issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center A...

CWE-13852024

CVE-2023-32264

MEDIUM
CVSS:5.8(Medium)

CWE-1385 vulnerability in OpenText Documentum D2 affecting versions16.5.1 to CE 23.2. The vulnerability could allow upload arbitrary code and execute it on the client's computer.

CWE-13852023

CVE-2014-125071

CRITICAL
CVSS:9.8(Critical)

A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected is the function messageReceived of the file src/gribbit/request/HttpRequestHandler.java. The manipulatio...

CWE-13852014

CVE-2024-23168

CRITICAL
CVSS:9.8(Critical)

Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious commands to the WebSocket API, resulting in the arbitrary code execution.

CWE-13852024

CVE-2023-0957

CRITICAL
CVSS:9.6(Critical)

An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Git...

CWE-13852023