CVE-2023-38551

HIGH Year: 2023
CVSS v3 Score
8.2
High
Weakness Type
CWE-93
View all →

Vulnerability Description

A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack.

Related Vulnerabilities

CVE-2024-20337

HIGH
CVSS:8.2(High)

A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user....

CWE-932024

CVE-2017-15400

HIGH
CVSS:7.8(High)

Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD f...

CWE-932017

CVE-2024-45302

HIGH
CVSS:7.8(High)

RestSharp is a Simple REST and HTTP API Client for .NET. The second argument to `RestRequest.AddHeader` (the header value) is vulnerable to CRLF injection. The same applies to `RestRequest.AddOrUpdate...

CWE-932024

CVE-2022-0666

HIGH
CVSS:7.6(High)

CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.

CWE-932022

CVE-2021-39172

HIGH
CVSS:8.8(High)

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition ...

CWE-932021

CVE-2023-26130

HIGH
CVSS:8.8(High)

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete ...

CWE-932023