Skip to main content
CVE-2023-34462 MEDIUM POC PATCH This Month

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Netty
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2023-34927 MEDIUM POC This Month

Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Casdoor
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
3.1%
CVE-2023-34796 MEDIUM POC This Month

Cross site scripting (XSS) vulnerabiliy in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Dmarc Report
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-36093 MEDIUM POC This Month

There is a storage type cross site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2991 MEDIUM POC This Month

Fortra Globalscape EFT's administration server suffers from an information disclosure vulnerability where the serial number of the harddrive that Globalscape is installed on can be remotely. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Eft Server
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-30347 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Neox Contact Center 2.3.9, via the serach_sms_api_name parameter to the SMA API search. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Neox Dial Centre
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-29707 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in GBCOM LAC WEB Control Center version lac-1.3.x, allows attackers to create an arbitrary device. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lac Web Control Center
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28534 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpjobportal WP Job Portal wp-job-portal allows DOM-Based XSS.0.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-34553 MEDIUM This Month

An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via code replay attack. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wafu Keyless Smart Lock Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-25499 MEDIUM PATCH This Month

When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Vaadin
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-35093 MEDIUM This Month

Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Masterstudy Lms
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-35132 MEDIUM PATCH This Month

A limited SQL injection risk was identified on the Mnet SSO access control page. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

SQLi Moodle
NVD
CVSS 3.1
6.3
EPSS
0.8%
CVE-2023-28016 MEDIUM This Month

Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Bigfix Osd Bare Metal Server
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-23343 MEDIUM This Month

A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bigfix Osd Bare Metal Server
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-35131 MEDIUM PATCH This Month

Content on the groups page required additional sanitizing to prevent an XSS risk. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-28800 MEDIUM This Month

When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Client Connector
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-28799 MEDIUM This Month

A URL parameter during login flow was vulnerable to injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Client Connector
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33997 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bbp Style Pack
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32960 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS CSRF Updraftplus
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-35918 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Bulk Stock Management
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30500 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Contact Form Wpforms
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28784 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Contest Gallery
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28776 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Continuous Image Carousel With Lightbox
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28750 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Albo Pretorio On Line
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33387 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Eg Personal Management System Comfort Comfort Plus
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-28166 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tags Cloud Manager
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33842 MEDIUM PATCH This Month

IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Microsoft IBM Spss Modeler
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-31868 MEDIUM This Month

Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS X3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-32239 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Woodmart Theme
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28418 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mediciti Lite
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-35090 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Masterstudy Lms
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31213 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Page Builder
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28171 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Brilliance
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-27631 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Daily Prayer Time
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-27629 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Site Reviews
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-27612 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Site Reviews
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-27413 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS W4 Post List
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-34170 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Download Quick Bulk Order Form For Woocommerce
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-34368 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Kanban Boards
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-34006 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Telegram Bot Channel
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-33323 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Armember
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28774 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Review Stream
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28778 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pagination
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28174 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Erocket
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-27452 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Button Generator Easily Button Builder
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-26539 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Advanced Text Widget
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-26534 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Repost
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23811 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Smoothscroller
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23807 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mojoplug Slide Panel
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28695 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vigilantor
NVD
CVSS 3.1
4.8
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy