CWE-610
DiscouragedExternally Controlled Reference to a Resource in Another Sphere
Abstraction: Class · Status: Draft
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
278 vulnerabilities reference this CWE, most recent first.
GHSA-M5H2-XG59-X76G
Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.
{
"affected": [],
"aliases": [
"CVE-2020-25161"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-23T17:15:00Z",
"severity": "HIGH"
},
"details": "The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.",
"id": "GHSA-m5h2-xg59-x76g",
"modified": "2022-05-24T17:42:52Z",
"published": "2022-05-24T17:42:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25161"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-289-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MC9V-5C5F-P2J5
Vulnerability from github – Published: 2024-01-10 18:30 – Updated: 2025-11-04 21:31An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the downloadURL_webpimage parameter.
{
"affected": [],
"aliases": [
"CVE-2023-49863"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-73"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-10T16:15:49Z",
"severity": "MODERATE"
},
"details": "An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the `downloadURL_webpimage` parameter.",
"id": "GHSA-mc9v-5c5f-p2j5",
"modified": "2025-11-04T21:31:01Z",
"published": "2024-01-10T18:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49863"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1880"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MGQ5-593J-JV2X
Vulnerability from github – Published: 2022-07-29 00:00 – Updated: 2022-08-05 00:00WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities because it fails to properly verify user-supplied input. An attacker may leverage these issues to hide attacks directed at a target site from behind vulnerable website or to perform otherwise restricted actions and subsequently download files with the extension mp3, mp4a, wav and ogg from anywhere the web server application has read access to the system. WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files version 1.7.6 is vulnerable; prior versions may also be affected.
{
"affected": [],
"aliases": [
"CVE-2016-0796"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-28T17:15:00Z",
"severity": "HIGH"
},
"details": "WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities because it fails to properly verify user-supplied input. An attacker may leverage these issues to hide attacks directed at a target site from behind vulnerable website or to perform otherwise restricted actions and subsequently download files with the extension mp3, mp4a, wav and ogg from anywhere the web server application has read access to the system. WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files version 1.7.6 is vulnerable; prior versions may also be affected.",
"id": "GHSA-mgq5-593j-jv2x",
"modified": "2022-08-05T00:00:29Z",
"published": "2022-07-29T00:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0796"
},
{
"type": "WEB",
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-mb-miniaudioplayer-an-html5-audio-player-for-your-mp3-files-multiple-vulnerabilities-1-7-6"
},
{
"type": "WEB",
"url": "http://www.vapidlabs.com/advisory.php?v=162"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MJJC-5JWQ-CFXV
Vulnerability from github – Published: 2023-12-05 00:31 – Updated: 2023-12-08 18:30In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2023-35668"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-04T23:15:23Z",
"severity": "MODERATE"
},
"details": "In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-mjjc-5jwq-cfxv",
"modified": "2023-12-08T18:30:39Z",
"published": "2023-12-05T00:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35668"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/frameworks/base/+/b7bd7df91740da680a5c3a84d8dd91b4ca6956dd"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2023-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MMQW-R4V3-63Q7
Vulnerability from github – Published: 2025-09-26 21:30 – Updated: 2025-09-26 21:30A vulnerability was determined in Jinher OA 2.0. The impacted element is an unknown function of the file /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl&style=1. This manipulation causes xml external entity reference. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
{
"affected": [],
"aliases": [
"CVE-2025-11035"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-26T19:15:34Z",
"severity": "MODERATE"
},
"details": "A vulnerability was determined in Jinher OA 2.0. The impacted element is an unknown function of the file /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl\u0026style=1. This manipulation causes xml external entity reference. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.",
"id": "GHSA-mmqw-r4v3-63q7",
"modified": "2025-09-26T21:30:29Z",
"published": "2025-09-26T21:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11035"
},
{
"type": "WEB",
"url": "https://github.com/frwfxc123/CVE/issues/1"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.325982"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.325982"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.658253"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MPWP-42X6-4WMX
Vulnerability from github – Published: 2024-05-14 22:10 – Updated: 2024-05-14 22:10Impact
On Nov. 2, during an internal security audit, we discovered that when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance, Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users’ roles in other organizations in which they are not an admin.
Patches
Fixed in 8.2.4
Workarounds
All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag.
Grafana Cloud instances have not been affected by the vulnerability.
Reporting security issues
If you think you have found a security vulnerability, please send a report to security@grafana.com. This address can be used for all of Grafana Labs' open source and commercial products (including, but not limited to Grafana, Grafana Cloud, Grafana Enterprise, and grafana.com). We can accept only vulnerability reports at this address. We would prefer that you encrypt your message to us by using our PGP key. The key fingerprint is
F988 7BEA 027A 049F AE8E 5CAA D125 8932 BE24 C5CA
The key is available from keyserver.ubuntu.com.
Security announcements
We maintain a security category on our blog, where we will always post a summary, remediation, and mitigation details for any patch containing security fixes.
You can also subscribe to our RSS feed.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/grafana/grafana"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.2.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-41244"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-14T22:10:36Z",
"nvd_published_at": "2021-11-15T20:15:00Z",
"severity": "CRITICAL"
},
"details": "### Impact\nOn Nov. 2, during an internal security audit, we discovered that when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance, Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users\u2019 roles in other organizations in which they are not an admin.\n\n### Patches\nFixed in 8.2.4\n\n### Workarounds\nAll installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a [feature flag](https://grafana.com/docs/grafana/latest/enterprise/access-control/#enable-fine-grained-access-control/).\n\nGrafana Cloud instances have not been affected by the vulnerability.\n\n### Reporting security issues\nIf you think you have found a security vulnerability, please send a report to security@grafana.com. This address can be used for all of Grafana Labs\u0027 open source and commercial products (including, but not limited to Grafana, Grafana Cloud, Grafana Enterprise, and grafana.com). We can accept only vulnerability reports at this address. We would prefer that you encrypt your message to us by using our PGP key. The key fingerprint is\n\nF988 7BEA 027A 049F AE8E 5CAA D125 8932 BE24 C5CA\n\nThe key is available from keyserver.ubuntu.com.\n\n### Security announcements\n\nWe maintain a [security category on our blog](https://grafana.com/tags/security/), where we will always post a summary, remediation, and mitigation details for any patch containing security fixes.\n\nYou can also subscribe to our [RSS feed](https://grafana.com/tags/security/index.xml).",
"id": "GHSA-mpwp-42x6-4wmx",
"modified": "2024-05-14T22:10:36Z",
"published": "2024-05-14T22:10:36Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-mpwp-42x6-4wmx"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41244"
},
{
"type": "PACKAGE",
"url": "https://github.com/grafana/grafana"
},
{
"type": "WEB",
"url": "https://grafana.com/blog/2021/11/15/grafana-8.2.4-released-with-security-fixes"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20211223-0001"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/11/15/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Grafana Fine-grained access control vulnerability"
}
GHSA-MVX7-RQ9V-559V
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179386960
{
"affected": [],
"aliases": [
"CVE-2021-0591"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-17T19:15:00Z",
"severity": "HIGH"
},
"details": "In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179386960",
"id": "GHSA-mvx7-rq9v-559v",
"modified": "2022-05-24T19:11:24Z",
"published": "2022-05-24T19:11:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0591"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2021-08-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PCW3-37MF-J7J8
Vulnerability from github – Published: 2023-04-18 15:30 – Updated: 2023-04-18 15:30A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226273 was assigned to this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-2152"
],
"database_specific": {
"cwe_ids": [
"CWE-610",
"CWE-73"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-18T14:15:07Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226273 was assigned to this vulnerability.",
"id": "GHSA-pcw3-37mf-j7j8",
"modified": "2023-04-18T15:30:18Z",
"published": "2023-04-18T15:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2152"
},
{
"type": "WEB",
"url": "https://github.com/xzz0787/vul/blob/main/README.pdf"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.226273"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.226273"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PH2G-3W43-Q6VP
Vulnerability from github – Published: 2023-08-31 15:30 – Updated: 2023-08-31 15:30Local privilege escalation during recovery due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173.
{
"affected": [],
"aliases": [
"CVE-2022-46868"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-31T15:15:08Z",
"severity": "MODERATE"
},
"details": "Local privilege escalation during recovery due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173.",
"id": "GHSA-ph2g-3w43-q6vp",
"modified": "2023-08-31T15:30:17Z",
"published": "2023-08-31T15:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46868"
},
{
"type": "WEB",
"url": "https://security-advisory.acronis.com/advisories/SEC-2499"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PQVW-C6XW-GPP5
Vulnerability from github – Published: 2022-05-13 01:49 – Updated: 2025-11-25 18:32Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems are not affected.. This vulnerability affects Firefox ESR < 60.2 and Firefox < 62.
{
"affected": [],
"aliases": [
"CVE-2018-12381"
],
"database_specific": {
"cwe_ids": [
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-18T13:29:00Z",
"severity": "MODERATE"
},
"details": "Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message\u0027s mail columns are incorrectly interpreted as a URL. *Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems are not affected.*. This vulnerability affects Firefox ESR \u003c 60.2 and Firefox \u003c 62.",
"id": "GHSA-pqvw-c6xw-gpp5",
"modified": "2025-11-25T18:32:14Z",
"published": "2022-05-13T01:49:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12381"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1435319"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-20"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-21"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105280"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041610"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-219: XML Routing Detour Attacks
An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.