Skip to main content
CVE-2023-29836 MEDIUM POC This Month

Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Exelysis Unified Communications Solution
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-30212 MEDIUM POC This Month

OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ourphp
NVD
CVSS 3.1
6.1
EPSS
8.1%
CVE-2023-30210 MEDIUM POC This Month

OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via ourphp_tz.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ourphp
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-2294 MEDIUM POC This Month

A vulnerability was found in UCMS 1.6.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ucms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-30841 MEDIUM POC PATCH This Month

Baremetal Operator (BMO) is a bare metal host provisioning integration for Kubernetes. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Baremetal Operator
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-26930 MEDIUM POC This Month

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Xpdf
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-27979 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tooljet
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-2307 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0.

CSRF Qwik
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-30843 MEDIUM PATCH This Month

Payload is a free and open source headless content management system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Payload
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-31250 MEDIUM PATCH This Month

The file download facility doesn't sufficiently sanitize file paths in certain situations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Drupal
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-30265 MEDIUM This Month

CLTPHP <=6.0 is vulnerable to Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cltphp
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-26560 MEDIUM This Month

Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cfengine
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-29442 MEDIUM This Month

Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Applications Manager
NVD
CVSS 3.1
6.1
EPSS
9.4%
CVE-2023-22729 MEDIUM PATCH This Month

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Framework
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30267 MEDIUM This Month

CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via application/home/controller/Changyan.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Cltphp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30111 MEDIUM This Month

Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Medicine Tracker System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30106 MEDIUM This Month

Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Medicine Tracker System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1786 MEDIUM PATCH This Month

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Cloud Init Ubuntu Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29443 MEDIUM This Month

Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Zoho Manageengine Assetexplorer Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp +1
NVD
CVSS 3.1
4.9
EPSS
3.0%
CVE-2023-0458 MEDIUM PATCH This Month

A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
4.7
EPSS
0.7%
CVE-2023-22728 MEDIUM PATCH This Month

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Framework
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy