CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to escalate privilege via crafted URL to the Audit Log.

\### Description

a reflected XSS vulnerability allows users to elevate their privilege to admin

\### Researcher

Saad Aldawsari (@aldawsari\_saad)

\### Vulnerability Type

Cross-Site-Scripting (XSS)

\### Vendor of Product

Things Board

\### Affected Product Code Base

Things Board < 3.4.1

\### Affected Component

Audit Log

\### Attack Type

Remote

\### Impact Information Disclosure

True

Headline

CVE-2022-40004: CVE-2022-40004

CVE: Latest News