Skip to main content
CVE-2023-33599 MEDIUM POC This Month

EasyImages2.0 ≤ 2.8.1 is vulnerable to Cross Site Scripting (XSS) via viewlog.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Easyimages2 0
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27922 MEDIUM POC This Month

Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Newsletter
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-31664 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Api Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-31518 MEDIUM POC This Month

A heap use-after-free in the component CDataFileReader::GetItem of teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via a crafted map file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Teeworlds
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31669 MEDIUM POC This Month

WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote ("). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Webassembly Binary Toolkit
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31860 MEDIUM POC This Month

Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wuzhicms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-25440 MEDIUM POC This Month

Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Civicrm
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
2.5%
CVE-2023-2844 MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Cloudexplorer Lite
NVD GitHub
CVSS 3.1
4.9
EPSS
0.7%
CVE-2023-33359 MEDIUM POC This Month

Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Piwigo
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-31708 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Eyoucms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-28390 MEDIUM This Month

Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) and earlier and SR-7100VN #31 firmware Ver.1.21 and earlier allows a network-adjacent attacker with administrative privilege of. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Sr 7100Vn Firmware Sr 7100Vn 31 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-27921 MEDIUM This Month

JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jins Meme Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-26595 MEDIUM This Month

Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Garoon
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-30469 MEDIUM This Month

Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS.9.1-00 before 10.9.2-00. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ops Center Analyzer
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1209 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Servicenow
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28367 MEDIUM This Month

Cross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vk All In One Expansion Unit
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-27926 MEDIUM This Month

Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vk All In One Expansion Unit
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-27925 MEDIUM This Month

Cross-site scripting vulnerability in Post function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vk Blocks
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-27923 MEDIUM This Month

Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vk Blocks
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-22654 MEDIUM This Month

Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tr 71W Firmware Tr 72W Firmware Rtr 5W Firmware Wdr 7 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-31995 MEDIUM This Month

Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ane L6012R Firmware Ane L7012R Firmware Ano L6012R Firmware Ano L6022R Firmware +114
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-28015 MEDIUM This Month

The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Domino Appdev Pack
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-23545 MEDIUM This Month

Missing authentication for critical function exists in T&D Corporation and ESPEC MIC CORP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tr 71W Firmware Tr 72W Firmware Rtr 5W Firmware Wdr 7 Firmware +6
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-31994 MEDIUM This Month

Certain Hanwha products are vulnerable to Denial of Service (DoS). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Arn 1610S Firmware Ane L6012R Firmware Ane L7012R Firmware Ano L6012R Firmware Ano L6022R Firmware +426
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-27920 MEDIUM This Month

Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sv Cpt Mc310F Firmware Sv Cpt Mc310 Firmware
NVD
CVSS 3.1
4.3
EPSS
1.8%
CVE-2023-27384 MEDIUM This Month

Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-27304 MEDIUM This Month

Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy