Skip to main content
CVE-2023-25241 MEDIUM POC This Month

bgERP v22.31 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bgerp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-24648 MEDIUM POC This Month

Zstore v6.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Zstore
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-24086 MEDIUM POC This Month

SLIMS v9.5.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /customs/loan_by_class.php?reportView. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Slims
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-0099 MEDIUM POC This Month

The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Urls
NVD WPScan
CVSS 3.1
6.1
EPSS
1.7%
CVE-2022-45724 MEDIUM POC This Month

Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cf Wr610N Firmware
NVD VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-0804 MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Libtiff
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-0803 MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Libtiff
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-0802 MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Libtiff
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-0801 MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Libtiff
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-0800 MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Libtiff
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-0799 MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Buffer Overflow Memory Corruption Libtiff
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-0798 MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libtiff
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-0797 MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libtiff
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-0796 MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libtiff
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-0795 MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libtiff
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-0818 MEDIUM POC PATCH This Month

Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-24619 MEDIUM POC This Month

Redpanda before 22.3.12 discloses cleartext AWS credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Redpanda
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-23948 MEDIUM POC This Month

The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google SQLi Owncloud Client
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-25572 MEDIUM POC PATCH This Month

react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Ra Ui Materialui React Admin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-0810 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Btcpayserver
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0379 MEDIUM POC This Month

The Spotlight Social Feeds WordPress plugin before 1.4.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Spotlight Social Feeds
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0373 MEDIUM POC This Month

The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Lightweight Accordion
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0362 MEDIUM POC This Month

Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Portfolio Post
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0360 MEDIUM POC This Month

The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Location Weather
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0333 MEDIUM POC This Month

The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Templatesnext Toolkit
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0275 MEDIUM POC This Month

The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Accept Payments For Paypal
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0270 MEDIUM POC This Month

The YaMaps for WordPress Plugin WordPress plugin before 0.6.26 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Yamaps
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0177 MEDIUM POC This Month

The Social Like Box and Page by WpDevArt WordPress plugin before 0.8.41 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Social Like Box And Page
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0169 MEDIUM POC This Month

The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Zoho Zoho Forms
NVD WPScan
CVSS 3.1
5.4
EPSS
1.6%
CVE-2023-0166 MEDIUM POC This Month

The Product Slider for WooCommerce by PickPlugins WordPress plugin before 1.13.42 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Product Slider For Woocommerce
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0151 MEDIUM POC This Month

The uTubeVideo Gallery WordPress plugin before 2.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Utubevideo Gallery
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0075 MEDIUM POC This Month

The Amazon JS WordPress plugin through 0.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Amazonjs
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0061 MEDIUM POC This Month

The Judge.me Product Reviews for WooCommerce WordPress plugin before 1.3.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Product Reviews For Woocommerce
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0060 MEDIUM POC This Month

The Responsive Gallery Grid WordPress plugin before 2.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Responsive Gallery Grid
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0034 MEDIUM POC This Month

The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Jetwidgets For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-25162 MEDIUM POC This Month

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-24804 MEDIUM POC This Month

The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Google Information Disclosure Owncloud Client
NVD GitHub
CVSS 3.1
4.4
EPSS
0.5%
CVE-2023-0405 MEDIUM POC This Month

The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Gpt Ai Power
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-0808 MEDIUM This Month

A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Inverter Firmware
NVD VulDB
CVSS 3.1
6.8
EPSS
0.2%
CVE-2023-23553 MEDIUM This Month

Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS X 400 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-22367 MEDIUM This Month

Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0 improperly verify server certificates, which may allow a remote unauthenticated attacker to eavesdrop. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Apple Google Ichiran
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-25727 MEDIUM PATCH This Month

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2023-25161 MEDIUM PATCH This Month

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-25160 MEDIUM PATCH This Month

Nextcloud Mail is an email app for the Nextcloud home server platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nextcloud Mail
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-25159 MEDIUM This Month

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Nextcloud Nextcloud Server Richdocuments
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy