Skip to main content
CVE-2023-24322 MEDIUM POC THREAT This Month

A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mojoportal
NVD GitHub
CVSS 3.1
6.1
EPSS
31.7%
CVE-2023-22798 MEDIUM POC This Month

Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Adblock Lists
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-0624 MEDIUM POC This Month

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Orangescrum
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-24690 MEDIUM POC This Month

ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Churchcrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-24687 MEDIUM POC This Month

Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mojoportal
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-24688 MEDIUM POC This Month

An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mojoportal
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-24815 MEDIUM POC PATCH This Month

Vert.x-Web is a set of building blocks for building web applications in the java programming language. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Path Traversal Microsoft Vert X Web
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-24686 MEDIUM POC This Month

An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Churchcrm
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-24689 MEDIUM POC This Month

An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mojoportal
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-21427 MEDIUM This Month

Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-22797 MEDIUM PATCH This Month

An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Actionpack Rails
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-21434 MEDIUM This Month

Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galaxy Store
NVD
CVSS 3.1
6.1
EPSS
12.9%
CVE-2023-21446 MEDIUM This Month

Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S( 12) and 14.1.00.422 in Android T(13) allows local attacker to access data of MyFiles. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21442 MEDIUM This Month

Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21441 MEDIUM This Month

Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21440 MEDIUM This Month

Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21437 MEDIUM This Month

Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21435 MEDIUM This Month

Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21426 MEDIUM This Month

Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21425 MEDIUM This Month

Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21423 MEDIUM This Month

Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21422 MEDIUM This Month

Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy