Skip to main content
CVE-2023-2710 MEDIUM This Month

The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.22 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Video Carousel Slider With Lightbox
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2708 MEDIUM This Month

The Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.0.10 due to insufficient input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Video Gallery
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2740 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Guest Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Guest Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2739 MEDIUM This Month

A vulnerability classified as problematic was found in Gira HomeServer up to 4.12.0.220829 beta. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gira Home Server Firmware
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-2161 MEDIUM This Month

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Opc Factory Server
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-33007 MEDIUM This Month

Jenkins LoadComplete support Plugin 1.0 and earlier does not escape the LoadComplete test name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Loadcomplete Support
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-33006 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Wso2 Oauth
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-33005 MEDIUM This Month

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Wso2 Oauth
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33002 MEDIUM This Month

Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Testcomplete Support
NVD
CVSS 3.1
5.4
EPSS
2.4%
CVE-2023-32984 MEDIUM PATCH This Month

Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Testng Results
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-32977 MEDIUM PATCH This Month

Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Pipeline
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-23709 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wpjam Basic
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23703 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Arconix Shortcodes
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23657 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mail Subscribe List
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23641 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Uji Popup
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23676 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Gallery
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-32983 MEDIUM PATCH This Month

Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Ansible
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-32993 MEDIUM PATCH This Month

Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure Saml Single Sign On
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2023-23720 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Verified Reviews Avis Verifies
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23727 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Live Chat
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23673 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS I Recommend This
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-29927 MEDIUM This Month

Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Sage 300
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-30510 MEDIUM This Month

A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aruba Edgeconnect Enterprise
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-2631 MEDIUM PATCH This Month

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins CSRF Code Dx
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-2633 MEDIUM PATCH This Month

Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Code Dx
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-2632 MEDIUM PATCH This Month

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Code Dx
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-2196 MEDIUM PATCH This Month

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Path Traversal Code Dx
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2023-33004 MEDIUM This Month

A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Tag Profiler
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-33003 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Tag Profiler
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-32999 MEDIUM PATCH This Month

A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Appspider
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-32996 MEDIUM PATCH This Month

A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Saml Single Sign On
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-32988 MEDIUM PATCH This Month

A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Microsoft Azure Vm Agents
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-32985 MEDIUM PATCH This Month

Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Path Traversal Sidebar Link
NVD
CVSS 3.1
4.3
EPSS
72.4%
CVE-2023-32982 MEDIUM PATCH This Month

Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Ansible
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-32980 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Email Extension
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-32979 MEDIUM PATCH This Month

Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Email Extension
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-32978 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Lightweight Directory Access Protocol
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-32994 LOW PATCH Monitor

Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure Saml Single Sign On
NVD
CVSS 3.1
3.7
EPSS
0.2%
CVE-2023-2195 LOW PATCH Monitor

A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins CSRF Code Dx
NVD
CVSS 3.1
3.5
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy