CVE-2023-37207

MEDIUM Year: 2023
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-470
View all →

Vulnerability Description

A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

Related Vulnerabilities

CVE-2024-1574

MEDIUM
CVSS:6.7(Medium)

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 ...

CWE-4702024

CVE-2019-20635

MEDIUM
CVSS:6.1(Medium)

codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields.

CWE-4702019

CVE-2024-22258

MEDIUM
CVSS:6.1(Medium)

Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an ap...

CWE-4702024

CVE-2018-5511

HIGH
CVSS:7.2(High)

On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, ...

CWE-4702018

CVE-2024-8015

HIGH
CVSS:7.2(High)

In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.

CWE-4702024

CVE-2023-0460

HIGH
CVSS:7.3(High)

The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. T...

CWE-4702023