CVE-2023-38125

CVSS v3 Score: 7.5 (High)

Vulnerability Description

Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate Content Security Policy headers. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20542.

CVSS:7.5(High)

Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS).

CVSS:7.5(High)

Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure.

CVSS:7.5(High)

Omnissa UAG contains a Cross-Origin Resource Sharing (CORS) bypass vulnerability. A malicious actor with network access to UAG may be able to bypass administrator-configured CORS restrictions to gain ...

CVSS:7.4(High)

It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further acces...

CVSS:7.2(High)

Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected i...

CVSS:8.1(High)

Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains.