Skip to main content
CVE-2023-1795 MEDIUM POC This Month

A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Gadget Works Online Ordering System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1794 MEDIUM POC This Month

A vulnerability was found in SourceCodester Police Crime Record Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Police Crime Record Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1799 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in EyouCMS up to 1.5.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Eyoucms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-1798 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in EyouCMS up to 1.5.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Eyoucms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-1796 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Employee Payslip Generator 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Employee Payslip Generator System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-28684 MEDIUM This Month

Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Remote Jobs View
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-28672 MEDIUM PATCH This Month

Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Octoperf Load Testing
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-1603 MEDIUM This Month

Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Devolutions Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-1574 MEDIUM This Month

Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Remote Desktop Manager
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-1202 MEDIUM This Month

Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Remote Desktop Manager
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-28679 MEDIUM This Month

Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Mashup Portlets
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-28678 MEDIUM This Month

Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Cppcheck
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-28670 MEDIUM PATCH This Month

Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view's URL in inline JavaScript, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Pipeline Aggregator View
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-28669 MEDIUM PATCH This Month

Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Jacoco
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-26283 MEDIUM PATCH This Month

IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28675 MEDIUM PATCH This Month

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Octoperf Load Testing
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-28673 MEDIUM PATCH This Month

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Octoperf Load Testing
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-28671 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Octoperf Load Testing
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy