CVE-2023-23691

HIGH Year: 2023
CVSS v3 Score
8.8
High
Weakness Type
CWE-444
View all →

Vulnerability Description

Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability to force a victim's browser to desynchronize its connection with the website, typically leading to XSS and DoS.

Related Vulnerabilities

CVE-2020-15049

HIGH
CVSS:8.8(High)

An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an ...

CWE-4442020

CVE-2022-36760

CRITICAL
CVSS:9.0(Critical)

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards reques...

CWE-4442022

CVE-2025-41235

HIGH
CVSS:8.6(High)

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies.

CWE-4442025

CVE-2018-21245

CRITICAL
CVSS:9.1(Critical)

Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.

CWE-4442018

CVE-2018-3907

CRITICAL
CVSS:9.1(Critical)

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pip...

CWE-4442018

CVE-2018-3908

CRITICAL
CVSS:9.1(Critical)

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipel...

CWE-4442018