Skip to main content
CVE-2023-33515 MEDIUM This Month

SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site Scripting (XSS) via query screens. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Excellence Suite
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0010 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto XSS Pan Os
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-35146 MEDIUM This Month

Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Template Workflows
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-35145 MEDIUM This Month

Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Sonargraph Integration
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-35144 MEDIUM This Month

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Maven Repository Server
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-35143 MEDIUM This Month

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Maven Repository Server
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-32013 MEDIUM PATCH This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +4
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2023-29355 MEDIUM PATCH This Month

DHCP Server Service Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Windows Server 2012 Windows Server 2016 Windows Server 2019 Windows Server 2022
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2023-35116 MEDIUM This Month

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Jackson Databind
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2023-32019 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 4.7). This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +5
NVD
CVSS 3.1
4.7
EPSS
1.4%
CVE-2023-3203 MEDIUM PATCH This Month

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Mstore Api
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-3198 MEDIUM PATCH This Month

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_message function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Mstore Api
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-3201 MEDIUM PATCH This Month

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_title function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Mstore Api
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-3200 MEDIUM PATCH This Month

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_message function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Mstore Api
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2819 MEDIUM This Month

A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response/ Threat Response Auto Pull (PTR/TRAP) could allow an authenticated administrator on an adjacent network to. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

RCE XSS Threat Response Auto Pull
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-32024 LOW PATCH Monitor

Microsoft Power Apps Spoofing Vulnerability. Rated low severity (CVSS 3.0), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Power Apps
NVD
CVSS 3.1
3.0
EPSS
1.5%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy