CVE-2023-1419

MEDIUM Year: 2023
CVSS v3 Score
5.9
Medium
Weakness Type
CWE-233
View all →

Vulnerability Description

A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data.

Related Vulnerabilities

CVE-2024-20306

MEDIUM
CVSS:6.0(Medium)

A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host...

CWE-2332024

CVE-2024-9329

MEDIUM
CVSS:6.1(Medium)

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying...

CWE-2332024

CVE-2020-10069

MEDIUM
CVSS:6.5(Medium)

Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.c...

CWE-2332020

CVE-2021-45477

MEDIUM
CVSS:6.5(Medium)

Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.This issue affects Library Automation System: before...

CWE-2332021

CVE-2021-45478

MEDIUM
CVSS:6.5(Medium)

Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.This issue affects Library Automation System: before...

CWE-2332021

CVE-2023-28898

MEDIUM
CVSS:5.3(Medium)

The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the...

CWE-2332023