Skip to main content
CVE-2023-24195 MEDIUM POC This Month

Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Food Ordering System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-24197 MEDIUM POC This Month

Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS SQLi PHP Online Food Ordering System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-24194 MEDIUM POC This Month

Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Food Ordering System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-24192 MEDIUM POC This Month

Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Food Ordering System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-24191 MEDIUM POC This Month

Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Food Ordering System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-0236 MEDIUM POC This Month

The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tutor Lms
NVD WPScan
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-48085 MEDIUM POC This Month

Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Softr
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-2933 MEDIUM POC This Month

The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF 0Mk Shortener
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-0282 MEDIUM POC This Month

The YourChannel WordPress plugin before 1.2.2 does not sanitize and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Yourchannel
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0252 MEDIUM POC This Month

The Contextual Related Posts WordPress plugin before 3.3.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contextual Related Posts
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0178 MEDIUM POC This Month

The Annual Archive WordPress plugin before 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Annual Archive
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0176 MEDIUM POC This Month

The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Giveaways And Contests By Rafflepress
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0174 MEDIUM POC This Month

The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Vr
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0173 MEDIUM POC This Month

The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Drag Drop Sales Funnel Builder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0171 MEDIUM POC This Month

The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Jquery T Countdown Widget
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0170 MEDIUM POC This Month

The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Html5 Audio Player
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0154 MEDIUM POC This Month

The GamiPress WordPress plugin before 1.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gamipress
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-0153 MEDIUM POC This Month

The Vimeo Video Autoplay Automute WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Vimeo Video Autoplay Automute
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0150 MEDIUM POC This Month

The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Cloak Front End Email
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0149 MEDIUM POC This Month

The WordPrezi WordPress plugin before 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wordprezi
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-0148 MEDIUM POC This Month

The Gallery Factory Lite WordPress plugin through 2.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gallery Factory Lite
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-0147 MEDIUM POC This Month

The Flexible Captcha WordPress plugin through 4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Flexible Captcha
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0146 MEDIUM POC This Month

The Naver Map WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Naver Map
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0144 MEDIUM POC This Month

The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Event Manager And Tickets Selling For Woocommerce
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0143 MEDIUM POC This Month

The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Send Pdf For Contact Form 7
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0096 MEDIUM POC This Month

The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Happyforms
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0095 MEDIUM POC This Month

The Page View Count WordPress plugin before 2.6.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Page View Count
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0082 MEDIUM POC This Month

The ExactMetrics WordPress plugin before 7.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Exactmetrics
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0081 MEDIUM POC This Month

The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Monsterinsights
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0072 MEDIUM POC This Month

The WC Vendors Marketplace WordPress plugin before 2.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wc Vendors Marketplace
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-0070 MEDIUM POC This Month

The ResponsiveVoice Text To Speech WordPress plugin before 1.7.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Responsivevoice Text To Speech
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0062 MEDIUM POC This Month

The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ean For Woocommerce
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-23943 MEDIUM POC PATCH This Month

Nextcloud mail is an email app for the nextcloud home server platform. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

SSRF Nextcloud Mail
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2023-20619 MEDIUM This Month

In vcu, there is a possible memory corruption due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20618 MEDIUM This Month

In vcu, there is a possible memory corruption due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20616 MEDIUM This Month

In ion, there is a possible out of bounds read due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20615 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20614 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20613 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20612 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20604 MEDIUM This Month

In ged, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20602 MEDIUM This Month

In ged, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-23944 MEDIUM PATCH This Month

Nextcloud mail is an email app for the nextcloud home server platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Mail
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-20611 MEDIUM This Month

In gpu, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Denial Of Service Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20610 MEDIUM This Month

In display drm, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20608 MEDIUM This Month

In display drm, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Use After Free Privilege Escalation Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20607 MEDIUM This Month

In ccu, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-23849 MEDIUM This Month

Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Coverity
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2023-23942 MEDIUM PATCH This Month

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nextcloud Desktop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-0615 MEDIUM This Month

A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy