LiveActive security incident?Get immediate response
CVE archive

2023 CVE Archive

Browse CVE records published in 2023 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 30595 matching CVEs · Page 2 of 612.

Unknown · CVSS Not scored

CVE-2023-47322: The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leadin...

The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application.

Published Dec 13, 2023 · Updated Jul 9, 2026

High · CVSS 8.1

CVE-2023-47320: Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control.

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below.

Published Dec 13, 2023 · Updated Jul 9, 2026

Medium · CVSS 5.4

CVE-2023-46344: A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products,...

A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /#ilang=DE&b=c_smartenergy_swgroups in the web portal. The vulnerability can be exploited to gain the rights of an installer or PM, which can then be used to gain administrative access to the web portal and execute further attacks. NOTE: The vendor states that this vulnerability has been fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base.

Published Feb 2, 2024 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2023-45992: A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or be...

A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.

Published Oct 19, 2023 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2023-40985: An issue was discovered in Webmin 2.100.

An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.

Published Sep 15, 2023 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2023-40932: A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attac...

A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.

Published Sep 19, 2023 · Updated Jul 9, 2026