CVE-2023-32192

HIGH Year: 2023
CVSS v3 Score
8.3
High
Weakness Type
CWE-80
View all →

Vulnerability Description

A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser

Related Vulnerabilities

CVE-2023-32193

HIGH
CVSS:8.3(High)

A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to t...

CWE-802023

CVE-2024-32484

HIGH
CVSS:8.2(High)

An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an...

CWE-802024

CVE-2021-27915

CRITICAL
CVSS:9.0(Critical)

Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissi...

CWE-802021

CVE-2022-25620

CRITICAL
CVSS:9.0(Critical)

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute arbitr...

CWE-802022

CVE-2024-52300

CRITICAL
CVSS:9.0(Critical)

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact ...

CWE-802024

CVE-2024-35224

HIGH
CVSS:7.6(High)

OpenProject is the leading open source project management software. OpenProject utilizes `tablesorter` inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS vi...

CWE-802024