Skip to main content
CVE-2023-27167 MEDIUM POC This Month

Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Biostar 2
NVD Exploit-DB VulDB
CVSS 3.1
6.5
EPSS
7.5%
CVE-2023-25809 MEDIUM POC PATCH This Month

runc is a CLI tool for spawning and running containers according to the OCI specification. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Docker Runc
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2023-1686 MEDIUM POC This Month

A vulnerability was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Young Entrepreneur E Negosyo System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1704 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1703 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1702 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1701 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-26982 MEDIUM POC This Month

Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Trudesk
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-22705 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Welcart E Commerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-26292 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cloud Security Gateway Web Security
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-26291 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cloud Security Gateway Web Security
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-26290 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cloud Security Gateway Web Security
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1690 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Earnings and Expense Tracker App 1.0.php?a=register_user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Earnings And Expense Tracker App
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1689 MEDIUM This Month

A vulnerability classified as problematic was found in SourceCodester Earnings and Expense Tracker App 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Earnings And Expense Tracker App
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1688 MEDIUM This Month

A vulnerability classified as problematic has been found in SourceCodester Earnings and Expense Tracker App 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Earnings And Expense Tracker Application
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1687 MEDIUM This Month

A vulnerability classified as problematic has been found in SourceCodester Simple Task Allocation System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Task Allocation System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1575 MEDIUM This Month

The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Mega Main Menu
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-1550 MEDIUM This Month

Insertion of Sensitive Information into log file vulnerability in NGINX Agent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nginx Nginx Agent Nginx Instance Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27489 MEDIUM PATCH This Month

Kiwi TCMS is an open source test management system for both manual and automated testing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Kiwi Tcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-28158 MEDIUM PATCH This Month

Privilege escalation via stored XSS using the file upload service to upload malicious content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation File Upload XSS Archiva
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2023-1663 MEDIUM This Month

Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Authentication Bypass Coverity
NVD
CVSS 3.1
5.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy