CVE-2023-22665

MEDIUM Year: 2023
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-917
View all →

Vulnerability Description

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.

Related Vulnerabilities

CVE-2024-9672

MEDIUM
CVSS:5.4(Medium)

A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. This issue can be used to execute specially created JavaScript payloads in the browser. A user must click on a malicious ...

CWE-9172024

CVE-2024-4286

MEDIUM
CVSS:4.9(Medium)

Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id `57984fa85c31988b2eff429adfc6...

CWE-9172024

CVE-2019-11628

MEDIUM
CVSS:6.5(Medium)

An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11, 12.20 before SR9, and 12.30 before SR2; and Qlik Sense Enterprise and Qlik Analytics Platform installat...

CWE-9172019

CVE-2018-16621

HIGH
CVSS:7.2(High)

Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.

CWE-9172018

CVE-2019-9041

HIGH
CVSS:7.2(High)

An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:as...

CWE-9172019

CVE-2020-7799

HIGH
CVSS:7.2(High)

An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute c...

CWE-9172020