Skip to main content
CVE-2023-27054 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mirotalk P2P
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-1573 MEDIUM POC This Month

A vulnerability was found in DataGear up to 1.11.1 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Datagear
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-26913 MEDIUM POC This Month

EVOLUCARE ECSIMAGING (aka ECS Imaging) < 6.21.5 is vulnerable to Cross Site Scripting (XSS) via new_movie. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ecs Imaging
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1567 MEDIUM POC This Month

A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Student Study Center Desk Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-27754 MEDIUM POC This Month

vox2mesh 1.0 has stack-overflow in main.cpp, this is stack-overflow caused by incorrect use of memcpy() funciton. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Vox2Mesh
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-1570 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in syoyo tinydng. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Tinydng
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-1560 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in TinyTIFF 3.0.0.0.c of the component File Handler. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tinytiff
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-28666 MEDIUM POC This Month

The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the add_inpost_gallery_slide_item action, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Inpost Gallery
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28665 MEDIUM POC This Month

The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the techno_get_products action, which can. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bulk Price Update For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-28664 MEDIUM POC This Month

The Meta Data and Taxonomies Filter WordPress plugin, in versions < 1.3.1, is affected by a reflected cross-site scripting vulnerability in the 'tax_name' parameter of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wordpress Meta Data And Taxonomies Filter
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1569 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester E-Commerce System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS E Commerce System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1568 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Student Study Center Desk Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Student Study Center Desk Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-1572 MEDIUM POC PATCH This Month

A vulnerability has been found in DataGear up to 1.11.1 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Datagear
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1565 MEDIUM POC This Month

A vulnerability was found in FeiFeiCMS 2.7.130201. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Feifeicms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-28005 MEDIUM This Month

A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below could allow an attacker with physical access to an affected device to bypass Microsoft Windows�. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Trend Micro Microsoft Trend Micro Endpoint Encryption
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2023-0870 MEDIUM PATCH This Month

A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Horizon Meridian
NVD GitHub
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-28117 MEDIUM PATCH This Month

Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Python Denial Of Service Sentry Software Development Kit
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-25591 MEDIUM This Month

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Clearpass Policy Manager
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-28439 MEDIUM This Month

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Ckeditor Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-25593 MEDIUM This Month

Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Clearpass Policy Manager
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-25592 MEDIUM This Month

Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Clearpass Policy Manager
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-25862 MEDIUM This Month

Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Illustrator
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-25595 MEDIUM This Month

A vulnerability exists in the ClearPass OnGuard Ubuntu agent that allows for an attacker with local Ubuntu instance access to potentially obtain sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Ubuntu Authentication Bypass Clearpass Policy Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22269 MEDIUM This Month

Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-22266 MEDIUM This Month

Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-22265 MEDIUM This Month

Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-22264 MEDIUM This Month

Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-22263 MEDIUM This Month

Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-22262 MEDIUM This Month

Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-22261 MEDIUM This Month

Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-22260 MEDIUM This Month

Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-22259 MEDIUM This Month

Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-22258 MEDIUM This Month

Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-22257 MEDIUM This Month

Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-22256 MEDIUM This Month

Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-22254 MEDIUM This Month

Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-22253 MEDIUM This Month

Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-22252 MEDIUM This Month

Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-21616 MEDIUM This Month

Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-21615 MEDIUM This Month

Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-28083 MEDIUM This Month

A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Integrated Lights Out 4 Integrated Lights Out 5 Integrated Lights Out 6
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-22271 MEDIUM This Month

Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for Passwords vulnerability that can lead to a security feature bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-25688 MEDIUM PATCH This Month

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Security Key Lifecycle Manager
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-25596 MEDIUM This Month

A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Clearpass Policy Manager
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2023-28708 MEDIUM PATCH This Month

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Apache Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.8%
CVE-2023-1562 MEDIUM This Month

Mattermost fails to check the "Show Full Name" setting when rendering the result for the /plugins/focalboard/api/v2/users API call, allowing an attacker to learn the full name of a board owner. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-28114 MEDIUM PATCH This Month

`cilium-cli` is the command line interface to install, manage, and troubleshoot Kubernetes clusters running Cilium. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity.

Kubernetes Information Disclosure Cilium Cli
NVD GitHub
CVSS 3.1
4.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy