CVE-2023-0322
Published 2023-03-15
CVE-2023-0322: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS. This issue…
Priority P4 22 · medium · 6.1 · CVSS 3.1
AV:N · AC:L · PR:N · UI:R · S:C · C:L · I:L · A:N
EPSS: 0.37% (29.0th percentile)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS.
This issue affects UNIS: before 28376.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gpac | gpac | >= 0 < 0.5.0+svn4288~dfsg1-4ubuntu1+esm2 | 0.5.0+svn4288~dfsg1-4ubuntu1+esm2 |
| gpac | gpac | >= 0 < 0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2 | 0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2 |
| gpac | gpac | >= 0 < 0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1 | 0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1 |
| gpac | gpac | >= 0 < 0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2 | 0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2 |
| gpac | gpac | >= 0 < 2.0.0+dfsg1-2ubuntu0.1~esm2 | 2.0.0+dfsg1-2ubuntu0.1~esm2 |
| gpac | gpac | >= 0 < 2.2.1+dfsg1-3.1ubuntu0.1~esm2 | 2.2.1+dfsg1-3.1ubuntu0.1~esm2 |
| talent_software | unis | < 28376 | 28376 |
| talentyazilim | unis | < 28376 | 28376 |
CVSS provenance
nvd · v3.1 · 6.1 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv · 7.7 HIGH
OSV
gpac vulnerabilities
osv·2025-03-04·CVSS 7.7
CVE-2023-5520 gpac vulnerabilities
It was discovered that the GPAC MP4Box utility incorrectly handled certain AC3 files, which could lead to an out-of-bounds read. A remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service (system crash). This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2023-5520, CVE-2024-0322)

It was discovered that the GPAC MP4Box utility incorrectly handled certain malformed text files. If a user or automated system using MP4Box were tricked into opening a specially crafted RST file, an attacker could use this issue to cause a denial of service (system crash) or execute arbitrary code. (CVE-2024-0321)
GHSA
GHSA-8q57-95qw-p6m2: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS
ghsa_unreviewed·2023-03-15
CVE-2023-0322 [MEDIUM] CWE-79 GHSA-8q57-95qw-p6m2: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS. This issue affects UNIS: before 28376.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-03-15