CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users.

**EJBCA Stored XSS | CVE\-2022-40711**

The Common Vulnerabilities and Exposures (CVE) Program has assigned the ID​ CVE\-2022-40711 to this issue. This is an entry on the CVE List, which standardises names for security problems.  
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE\-2022-40711

**CVE ID:** CVE\-2022-40711  
**Date of Disclosure:** 11th September 2022  
**Vendor, Product**: Primekey, EJBCA  
**Affected Product:** Ejbca Version 7.9.0.2

**Severity Rating**: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N (CVSS Base Score: 8.1)

EJBCA 7.9.0.2 Community is having a stored XSS vulnerability in an ‘End Entity’ section. A user with ‘RA Administrator’ can inject scripts and XSS the higher privilege users..

**POC:**

**Credit:** Verneet Singh

Headline

CVE-2022-40711: CVE-2022-40711 | {err0rr}

CVE: Latest News