Vulnerabilities > Broadcom > Symantec Identity Governance AND Administration > 14.4.1

DATE	CVE	VULNERABILITY TITLE	RISK
2023-01-26	CVE-2023-23949	Cross-site Scripting vulnerability in Broadcom products An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. network low complexity broadcom CWE-79	5.4
2023-01-26	CVE-2023-23950	Cross-site Scripting vulnerability in Broadcom products User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. network low complexity broadcom CWE-79	6.1
2023-01-26	CVE-2023-23951	Cross-site Scripting vulnerability in Broadcom products Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application network low complexity broadcom CWE-79	6.1

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.