CVE-2023-1319
published 2023-03-10
CVE-2023-1319: Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
Priority P4 · 18 · medium · 4.8 CVSS 3.1
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.47% (37.4th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| enhancesoft | osticket | < 1.16.6 | 1.16.6 |
| osticket | osticket_osticket | >= unspecified < v1.16.6 | v1.16.6 |
CVSS provenance
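| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 4.8 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| vendor_oracle | | 7.5 | HIGH | |
| vendor_redhat | | 7.0 | HIGH | |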
GHSA
GHSA-292m-rvrj-457h: Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1
ghsa_unreviewed·2023-03-10
CVE-2023-1319 [MEDIUM] CWE-79 GHSA-292m-rvrj-457h: Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
Red Hat
sudo: Targeted Corruption of Register and Stack Variables
vendor_redhat·2023-09-05·CVSS 7.0
CVE-2023-42465 [HIGH] CWE-1319 sudo: Targeted Corruption of Register and Stack Variables
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
A flaw was found in the sudo package. This issue could allow a local authenticated attacker to cause a bit to flip, which enables fault injection and may authenticate as the root user.
Statement: "Mayhem" is a potent attack technique that focuses on the core components of computing systems, specifically the CPU internals and stack variables. This method signifies a noteworthy advancement in cyber threats, demonstrating a successful ability to tamper with a c
Oracle
Oracle Oracle Communications Risk Matrix: Installation (Undertow) — CVE-2022-1319
vendor_oracle·2023-01-15·CVSS 7.5
CVE-2022-1319 [HIGH] Oracle Oracle Communications Risk Matrix: Installation (Undertow) — CVE-2022-1319
Oracle Oracle Communications Risk Matrix: Installation (Undertow) vulnerability
CVE: CVE-2022-1319
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2023 (JAN 2023)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-03-10
Published