Skip to main content
CVE-2023-22933 MEDIUM POC This Month

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Splunk XSS Splunk Cloud Platform
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-0827 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
3.0%
CVE-2023-0830 MEDIUM POC THREAT This Month

A vulnerability classified as critical has been found in EasyNAS 1.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Easynas
NVD GitHub VulDB Exploit-DB
CVSS 4.0
5.3
EPSS
20.9%
CVE-2023-21694 MEDIUM PATCH This Month

Windows Fax Service Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 +12
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2023-0814 MEDIUM PATCH This Month

The Profile Builder - User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the [user_meta] shortcode in versions up to, and including. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure WordPress Profile Builder
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-23382 MEDIUM PATCH This Month

Azure Machine Learning Compute Instance Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Azure Machine Learning
NVD
CVSS 3.1
6.5
EPSS
3.1%
CVE-2023-21807 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-21721 MEDIUM PATCH This Month

Microsoft OneNote Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Microsoft Authentication Bypass Onenote
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-21572 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-24528 MEDIUM This Month

SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Authentication Bypass Fiori
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-24524 MEDIUM This Month

SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass S 4Hana
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-0019 MEDIUM This Month

In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100, GRCPINW V1100_700, GRCPINW V1100_731, GRCPINW V1200_750, remote-enabled function module in the proprietary SAP solution enables. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Grc Process Control
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-22936 MEDIUM This Month

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk SSRF Splunk Cloud Platform
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2023-22932 MEDIUM This Month

In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk XSS Splunk Cloud Platform
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-25614 MEDIUM This Month

SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-24529 MEDIUM This Month

Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Netweaver As Abap Business Server Pages
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-24522 MEDIUM This Month

Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-24521 MEDIUM This Month

Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver As Abap Business Server Pages
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23860 MEDIUM This Month

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23859 MEDIUM This Month

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a malicious link, which when clicked by an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23858 MEDIUM This Month

Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure XSS Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23853 MEDIUM This Month

An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-23852 MEDIUM This Month

SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Solution Manager
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-22376 MEDIUM This Month

Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject arbitrary script to inject an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cs Wmv02G Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-21693 MEDIUM PATCH This Month

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 Windows 10 1607 +11
NVD
CVSS 3.1
5.7
EPSS
1.4%
CVE-2023-22940 MEDIUM This Month

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Information Disclosure Splunk Cloud Platform
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2023-21567 MEDIUM PATCH This Month

Visual Studio Denial of Service Vulnerability. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity.

Denial Of Service Visual Studio 2017 Visual Studio 2019 Visual Studio 2022
NVD
CVSS 3.1
5.6
EPSS
0.8%
CVE-2023-22490 MEDIUM PATCH This Month

Git is a revision control system. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Git
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2023-21714 MEDIUM PATCH This Month

Microsoft Office Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft 365 Apps Office Long Term Servicing Channel
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-21697 MEDIUM PATCH This Month

Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Microsoft Windows 10 Windows 10 1607 +8
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-21687 MEDIUM PATCH This Month

HTTP.sys Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Windows 11 21H2 Windows 11 22h2 Windows Server 2022
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-24377 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.3 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ecwid Ecommerce Shopping Cart
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-21573 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-21571 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-21570 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-25571 MEDIUM PATCH This Month

Backstage is an open platform for building developer portals. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Backstage Catalog Model Backstage Core Components Backstage Plugin Catalog Backend
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-24525 MEDIUM This Month

SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Customer Relationship Management Webclient Ui S4Fnd
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-23856 MEDIUM This Month

In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content type in the header of the response. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Business Objects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-23855 MEDIUM This Month

SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Open Redirect Solution Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-23854 MEDIUM This Month

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-23851 MEDIUM This Month

SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Planning And Consolidation
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-0025 MEDIUM This Month

SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Solution Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-0024 MEDIUM This Month

SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Solution Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-21720 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Tampering Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Google Microsoft Edge Chromium
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-21699 MEDIUM PATCH This Month

Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 Windows 10 1607 +8
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2023-22943 MEDIUM This Month

In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk Information Disclosure Add On Builder Cloudconnect Software Development Kit
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-0655 MEDIUM This Month

SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicwall Email Security
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-22370 MEDIUM This Month

Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a network-adjacent authenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Cs Wmv02G
NVD
CVSS 3.1
5.2
EPSS
0.3%
CVE-2023-21722 MEDIUM PATCH This Month

.NET Framework Denial of Service Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Denial Of Service Net Framework
NVD
CVSS 3.1
5.0
EPSS
0.9%
CVE-2023-21794 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Google Authentication Bypass Edge Chromium
NVD
CVSS 3.1
4.3
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy