Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-30 | CVE-2023-26289 | Improper Encoding or Escaping of Output vulnerability in IBM Aspera Orchestrator 4.0.1 IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 5.4 |
| 2024-07-30 | CVE-2023-38001 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Aspera Orchestrator 4.0.1 IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
| 2024-07-30 | CVE-2024-41916 | Unspecified vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. | 4.9 |
| 2024-07-30 | CVE-2024-5486 | Unspecified vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. | 4.9 |
| 2024-07-30 | CVE-2024-41803 | SQL Injection vulnerability in Xibosignage Xibo Xibo is a content management system (CMS). | 4.9 |
| 2024-07-30 | CVE-2024-41804 | SQL Injection vulnerability in Xibosignage Xibo Xibo is a content management system (CMS). | 6.5 |
| 2024-07-30 | CVE-2024-37165 | Cross-site Scripting vulnerability in Discourse Discourse is an open source discussion platform. | 6.1 |
| 2024-07-30 | CVE-2024-39320 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Discourse Discourse is an open source discussion platform. | 6.1 |
| 2024-07-30 | CVE-2024-7127 | Cross-site Scripting vulnerability in Stackposts Social Marketing Tool Improper Neutralization of Input During Web Page Generation vulnerability in Stackposts Social Marketing Tool allows Cross-site Scripting (XSS) attack. By submitting the payload in the username during registration, it can be executed later in the application panel. | 6.1 |
| 2024-07-30 | CVE-2024-38430 | Cross-site Scripting vulnerability in Matrix-Globalservices Tafnit Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 6.1 |