Skip to main content
CVE-2023-28153 MEDIUM POC This Month

An issue was discovered in the Kiddoware Kids Place Parental Control application before 3.8.50 for Android. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Google Kiddoware
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2023-2954 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository liangliangyy/djangoblog prior to master. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Djangoblog
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-32687 MEDIUM PATCH This Month

tgstation-server is a toolset to manage production BYOND servers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Tgstation Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-24603 MEDIUM This Month

OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ox App Suite
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-27613 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Forms Ada
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-24602 MEDIUM This Month

OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ox App Suite
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-24601 MEDIUM This Month

OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry sub-tree. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ox App Suite
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23699 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Progress Bar
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-30571 MEDIUM This Month

Libarchive through 3.6.2 can cause directories to have world-writable permissions. Rated medium severity (CVSS 5.3). No vendor patch available.

Race Condition Information Disclosure Libarchive
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-2808 MEDIUM This Month

Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-24597 MEDIUM This Month

OX App Suite before frontend 7.10.6-rev24 allows the loading (without user consent) of an e-mail message's remote resources during printing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ox App Suite
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-32072 MEDIUM PATCH This Month

Tuleap is an open source tool for end to end traceability of application and system developments. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Jenkins XSS Tuleap
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-24604 MEDIUM This Month

OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of header data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ox App Suite
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-24600 MEDIUM This Month

OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for reading contacts) via a move to their own address book. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ox App Suite
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-24599 MEDIUM This Month

OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Ox App Suite
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-24598 MEDIUM This Month

OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ox App Suite
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-24605 MEDIUM This Month

OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Ox App Suite
NVD
CVSS 3.1
4.2
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy