Skip to main content
CVE-2023-33409 MEDIUM POC This Month

Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Minical
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-33970 MEDIUM POC PATCH This Month

Kanboard is open source project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-33956 MEDIUM POC PATCH This Month

Kanboard is open source project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Kanboard
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-33690 MEDIUM POC PATCH This Month

SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Sonicjs
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-2572 MEDIUM POC This Month

The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Survey Maker
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2571 MEDIUM POC This Month

The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Quiz Maker
NVD WPScan
CVSS 3.1
6.1
EPSS
2.1%
CVE-2023-2503 MEDIUM POC This Month

The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS 10Web Social Post Feed
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2488 MEDIUM POC This Month

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Stop Spammers
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2472 MEDIUM POC This Month

The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Newsletter Smtp Email Marketing And Subscribe
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2337 MEDIUM POC This Month

The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Convertkit Email Marketing Email Newsletter And Landing Pages
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-33693 MEDIUM POC PATCH This Month

A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service (DoS) via a crafted XML file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Denial Of Service Easyplayerpro
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-34103 MEDIUM POC PATCH This Month

Avo is an open source ruby on rails admin panel creation framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Avo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-33408 MEDIUM POC This Month

Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Minical
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-33969 MEDIUM POC PATCH This Month

Kanboard is open source project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Kanboard
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-33968 MEDIUM POC PATCH This Month

Kanboard is open source project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-3109 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Admidio
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0152 MEDIUM POC This Month

The WP Multi Store Locator WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Multi Store Locator
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-34408 MEDIUM POC PATCH This Month

DokuWiki before 2023-04-04a allows XSS via RSS titles. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Dokuwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-33518 MEDIUM POC This Month

emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Emoncms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-3064 MEDIUM POC This Month

Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)3.20. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Amxgt 100
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-2634 MEDIUM POC This Month

The Get your number WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Get Your Number
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2489 MEDIUM POC This Month

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Stop Spammers
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2224 MEDIUM POC This Month

The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Seo
NVD WPScan
CVSS 3.1
4.8
EPSS
0.9%
CVE-2023-0545 MEDIUM POC This Month

The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Hostel
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-27989 MEDIUM PATCH This Month

A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Zyxel Lte7480 M804 Firmware Lte7490 M904 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-32766 MEDIUM PATCH This Month

Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Gitpod
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-27861 MEDIUM This Month

IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Maximo Application Suite
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-33524 MEDIUM This Month

Advent/SSC Inc. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Tamale Rms
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-34410 MEDIUM PATCH This Month

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Fedora Qt
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-32334 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Maximo Application Suite Maximo Asset Management
NVD
CVSS 3.1
5.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy