Skip to main content
CVE-2023-31140 MEDIUM POC PATCH This Month

OpenProject is open source project management software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Openproject
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-0522 MEDIUM POC This Month

The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Enable Disable Auto Login When Register
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-30334 MEDIUM POC PATCH This Month

AsmBB v2.9.1 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the MiniMag.asm and bbcode.asm libraries. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Asmbb
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-2582 MEDIUM POC This Month

A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting (XSS) in affected applications and sites built with Strikingly. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Prototype Pollution Strikingly
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-1806 MEDIUM POC This Month

The WP Inventory Manager WordPress plugin before 2.1.0.12 does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Inventory Manager
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1660 MEDIUM POC This Month

The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Wpbot
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-1011 MEDIUM POC This Month

The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Wpbot
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-0948 MEDIUM POC This Month

The Japanized For WooCommerce WordPress plugin before 2.5.8 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Japanized For Woocommerce
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-0514 MEDIUM POC This Month

The Membership Database WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Membership Database
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-0421 MEDIUM POC This Month

The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Cloud Manager
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-30790 MEDIUM POC This Month

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/relationships` endpoint and first_name and last_name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monica
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-30789 MEDIUM POC This Month

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/work` endpoint and job and company parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monica
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-30788 MEDIUM POC This Month

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people/add` endpoint and nickName, description, lastName, middleName and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monica
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-30787 MEDIUM POC This Month

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/introductions` endpoint and first_met_additional_info parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monica
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-30860 MEDIUM POC PATCH This Month

WWBN AVideo is an open source video platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Avideo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-1905 MEDIUM POC This Month

The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Popups
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1651 MEDIUM POC This Month

The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Wpbot
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-0542 MEDIUM POC This Month

The Custom Post Type List Shortcode WordPress plugin through 1.4.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Custom Post Type List Shortcode
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0537 MEDIUM POC This Month

The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Product Slider For Woocommerce
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0536 MEDIUM POC This Month

The Wp-D3 WordPress plugin through 2.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp D3
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0526 MEDIUM POC This Month

The Post Shortcode WordPress plugin through 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Post Shortcode
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0280 MEDIUM POC This Month

The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Carousel For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0268 MEDIUM POC This Month

The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mega Addons For Wpbakery Page Builder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0267 MEDIUM POC This Month

The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Carousel For Wpbakery Page Builder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-30019 MEDIUM POC PATCH This Month

imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Imgproxy
NVD GitHub
CVSS 3.1
5.3
EPSS
2.2%
CVE-2023-1649 MEDIUM POC This Month

The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpbot
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-0894 MEDIUM POC This Month

The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pickup Delivery Dine In Date Time
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-0544 MEDIUM POC This Month

The WP Login Box WordPress plugin through 2.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Login Box
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2566 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2513 MEDIUM PATCH This Month

A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +1
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-27933 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple Ipados +4
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-31125 MEDIUM PATCH This Month

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Node.js Information Disclosure Engine Io
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-2478 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
5.0%
CVE-2023-28182 MEDIUM This Month

The issue was addressed with improved authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-28180 MEDIUM This Month

A denial-of-service issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-27954 MEDIUM This Month

The issue was addressed by removing origin information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari Ipados Iphone Os +4
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-23528 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple Ipados Iphone Os +1
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-1979 MEDIUM PATCH This Month

The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

WordPress Authentication Bypass Web Stories
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-27966 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-27945 MEDIUM This Month

This issue was addressed with improved entitlements. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple Xcode
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-22710 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Return And Warranty Management System For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-31183 MEDIUM This Month

Cybonet PineApp Mail Secure A reflected cross-site scripting (XSS) vulnerability was identified in the product, using an unspecified endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pineapp Mail Secure
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-31180 MEDIUM This Month

WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - Reflected cross-site scripting (RXSS) through an unspecified request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Innokb
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-31141 MEDIUM PATCH This Month

OpenSearch is open-source software suite for search, analytics, and observability applications. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Opensearch Opensearch Security
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-28200 MEDIUM This Month

A validation issue was addressed with improved input sanitization. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-28192 MEDIUM This Month

A permissions issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28190 MEDIUM This Month

A privacy issue was addressed by moving sensitive data to a more secure location. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28189 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28178 MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27962 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy