Skip to main content
CVE-2023-34246 MEDIUM POC PATCH This Month

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Doorkeeper
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-2568 MEDIUM POC This Month

The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Photo Gallery
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2398 MEDIUM POC This Month

The Icegram Engage WordPress plugin before 3.1.12 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Icegram Engage
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2362 MEDIUM POC This Month

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bubble Menu Button Generator Calculator Builder +9
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-34941 MEDIUM POC THREAT This Month

A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rt N10Lx Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
23.8%
CVE-2023-2718 MEDIUM POC This Month

The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contact Form Email
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-33492 MEDIUM POC This Month

EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-34855 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipment (Shanghai) Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Ac Centralized Management Platform
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-3159 MEDIUM PATCH This Month

A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-34345 MEDIUM This Month

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Megarac Sp X
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-34212 MEDIUM PATCH This Month

The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Deserialization Nifi
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2023-34026 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS This Day In History
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32961 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zotpress
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-32118 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Salert Fake Sales Notification Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30753 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ip Metaboxes
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3161 MEDIUM PATCH This Month

A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-0431 MEDIUM This Month

The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS File Away
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-35054 MEDIUM This Month

In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-34344 MEDIUM This Month

AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Megarac Sp X
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-1323 MEDIUM This Month

The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Easy Forms For Mailchimp
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28933 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Call Now Accessibility Button
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-31236 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Scripts N Styles
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-30745 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ip Metaboxes
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23822 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Utm Tracker
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23819 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Itemprop Wp For Serp Seo Rich Snippets
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23818 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Register Profile With Shortcode
NVD
CVSS 3.1
4.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy