CVE-2023-2014
published 2023-04-13
CVE-2023-2014: Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.
Priority · P4 · 19 · medium · 4.8 · CVSS 3.1
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS
0.48%
38.1th percentile
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 6.2.0 < 6.2.11 | 6.2.11 |
| microweber | microweber | < 1.3.3 | 1.3.3 |
| microweber | microweber | >= 0 < 1.3.3 | 1.3.3 |
| microweber | microweber_microweber | >= unspecified < 1.3.3 | 1.3.3 |
| vmware | open-vm-tools | >= 0 < 2:9.4.0-1280544-5ubuntu6.4+esm1 | 2:9.4.0-1280544-5ubuntu6.4+esm1 |
CVSS provenance
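| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L |
| osv | | 6.3 | MEDIUM | |
| vendor_redhat | | 8.0 | HIGH | |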
OSV
iommufd: Check for uptr overflow
osv·2025-12-30
CVE-2023-54239 iommufd: Check for uptr overflow
In the Linux kernel, the following vulnerability has been resolved:
iommufd: Check for uptr overflow
syzkaller found that setting up a map with a user VA that wraps past zero
can trigger WARN_ONs, particularly from pin_user_pages weirdly returning 0
due to invalid arguments.
Prevent creating a pages with a uptr and size that would math overflow.
WARNING: CPU: 0 PID: 518 at drivers/iommu/iommufd/pages.c:793 pfn_reader_user_pin+0x2e6/0x390
Modules linked in:
CPU: 0 PID: 518 Comm: repro Not tainted 6.3.0-rc2-eeac8ede1755+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
RIP: 0010:pfn_reader_user_pin+0x2e6/0x390
Code: b1 11 e9 25 fe ff ff e8 28 e4 0f ff 31 ff 48 89 de e8 2e e6 0f ff 48 8
OSV
open-vm-tools vulnerabilities
osv·2025-08-24·CVSS 6.3
CVE-2023-34059 open-vm-tools vulnerabilities
Matthias Gerstner discovered that Open VM Tools incorrectly handled file
descriptors when dropping privileges. A local attacker could possibly use
this issue to hijack /dev/uinput and simulate user inputs. (CVE-2023-34059)
Dolev Farhi discovered that Open VM Tools incorrectly handled certain file
permissions. A local attacker could possibly use this issue to set up a
symlink attack and override files without authorization. (CVE-2014-4199)
GHSA
Microweber vulnerable to cross-site scripting (XSS)
ghsa·2023-04-13
CVE-2023-2014 [MEDIUM] CWE-79 Microweber vulnerable to cross-site scripting (XSS)
microweber/microweber prior to 1.3.3 is vulnerable to cross-site scripting (XSS) in the template selection while changing a group template.
OSV
Microweber vulnerable to cross-site scripting (XSS)
osv·2023-04-13
CVE-2023-2014 [MEDIUM] Microweber vulnerable to cross-site scripting (XSS)
microweber/microweber prior to 1.3.3 is vulnerable to cross-site scripting (XSS) in the template selection while changing a group template.
Suricata
ET EXPLOIT Possible CVE-2014-6271 Attempt Against SIP Proxy
suricata·2014-09-27·CVSS 9.8
CVE-2014-6271 [CRITICAL] ET EXPLOIT Possible CVE-2014-6271 Attempt Against SIP Proxy
Rule: alert udp any any -> $HOME_NET [5060,5061] (msg:"ET EXPLOIT Possible CVE-2014-6271 Attempt Against SIP Proxy"; flow:to_server; content:"|28 29 20 7b|"; fast_pattern; reference:url,github.com/zaf/sipshock; reference:cve,2014-6271; classtype:attempted-admin; sid:2019289; rev:4; metadata:created_at 2014_09_27, cve CVE_2014_6271, confidence Medium, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_05_24;)
No public exploits indexed.
Bugzilla
CVE-2023-54236 kernel: net/net_failover: fix txq exceeding warning
bugzilla·2025-12-30
CVE-2023-54236 [MEDIUM] CVE-2023-54236 kernel: net/net_failover: fix txq exceeding warning
In the Linux kernel, the following vulnerability has been resolved:
net/net_failover: fix txq exceeding warning
The failover txq is inited as 16 queues.
when a packet is transmitted from the failover device firstly,
the failover device will select the queue which is returned from
the primary device if the primary device is UP and running.
If the primary device txq is bigger than the default 16,
it can lead to the following warning:
eth0 selects TX queue 18, but real number of TX queues is 16
The warning backtrace is:
[ 32.146376] CPU: 18 PID: 9134 Comm: chronyd Tainted: G E 6.2.8-1.el7.centos.x86_64 #1
[ 32.147175] Hardware name: Red Hat KVM, BIOS 1.10.2-3.el7_4.1 04/01/2014
[ 32.147730] Call Trace:
[ 32.147971]
[ 32.14
Bugzilla
CVE-2023-53629 kernel: fs: dlm: fix use after free in midcomms commit
bugzilla·2025-10-07·CVSS 7.8
CVE-2023-53629 [HIGH] CVE-2023-53629 kernel: fs: dlm: fix use after free in midcomms commit
In the Linux kernel, the following vulnerability has been resolved:
fs: dlm: fix use after free in midcomms commit
While working on processing dlm message in softirq context I experienced
the following KASAN use-after-free warning:
[ 151.760477] ==================================================================
[ 151.761803] BUG: KASAN: use-after-free in dlm_midcomms_commit_mhandle+0x19d/0x4b0
[ 151.763414] Read of size 4 at addr ffff88811a980c60 by task lock_torture/1347
[ 151.765284] CPU: 7 PID: 1347 Comm: lock_torture Not tainted 6.1.0-rc4+ #2828
[ 151.766778] Hardware name: Red Hat KVM/RHEL-AV, BIOS 1.16.0-3.module+el8.7.0+16134+e5908aa2 04/01/2014
[ 151.768726] Call Trace:
[ 151.769277]
[ 151.769748] dump_stack
https://github.com/microweber/microweber/commit/1a9b904722b35b00653c6ae72dca2969149159b3
https://huntr.dev/bounties/a77bf7ed-6b61-452e-b5ee-e20017e28d1a
2023-04-13
Published