Skip to main content
CVE-2023-2993 MEDIUM This Month

A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nextscale N1200 Enclosure Firmware Thinkagile Cp Cb 10 Firmware Thinkagile Cp Cb 10E Firmware Thinkagile Hx Enclosure Certified Node Firmware +4
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2023-32535 MEDIUM PATCH This Month

Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE XSS Trend Micro Apex Central
NVD
CVSS 3.1
6.1
EPSS
1.9%
CVE-2023-32534 MEDIUM PATCH This Month

Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE XSS Trend Micro Apex Central
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-32533 MEDIUM PATCH This Month

Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE XSS Trend Micro Apex Central
NVD
CVSS 3.1
6.1
EPSS
1.9%
CVE-2023-32532 MEDIUM PATCH This Month

Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE XSS Trend Micro Apex Central
NVD
CVSS 3.1
6.1
EPSS
1.9%
CVE-2023-32531 MEDIUM PATCH This Month

Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE XSS Trend Micro Apex Central
NVD
CVSS 3.1
6.1
EPSS
1.9%
CVE-2023-29459 MEDIUM This Month

The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google SQLi Fc Red Bull Salzburg
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-29430 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Theroof
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-29427 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Amelia
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28992 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Coupon Affiliates
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32556 MEDIUM PATCH This Month

A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Trend Micro Apex One
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-30902 MEDIUM PATCH This Month

A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-32605 MEDIUM PATCH This Month

Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Trend Micro Apex Central
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-32604 MEDIUM PATCH This Month

Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Trend Micro Apex Central
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-32537 MEDIUM PATCH This Month

Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Trend Micro Apex Central
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-32536 MEDIUM PATCH This Month

Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Trend Micro Apex Central
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-29437 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Connections Business Directory
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-29435 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cryptocurrency All In One
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-29436 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Iframe Shortcode
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-36662 MEDIUM This Month

The TechTime User Management components for Atlassian products allow stored XSS on the Bulk User Actions page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian User Management
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-32553 MEDIUM PATCH This Month

An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Trend Micro Apex One
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-32552 MEDIUM PATCH This Month

An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Trend Micro Apex One
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-35930 MEDIUM PATCH This Month

SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Spicedb
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-1620 MEDIUM This Month

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 750 331 Firmware 750 8202 Firmware 750 8202 000 011 Firmware 750 8202 000 012 Firmware +72
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2023-1619 MEDIUM This Month

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 750 331 Firmware 750 8202 Firmware 750 8202 000 011 Firmware 750 8202 000 012 Firmware +72
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-27082 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE XSS Pluck
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-29438 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simplemodal Contact Form
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-29434 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Optin Forms
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-29424 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Shiftcontroller
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-29423 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Cancel Order Request Return Order Repeat Order Reorder For Woocommerce
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-29093 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PI Websolution Conditional cart fee plugin <= 1.0.96 versions. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Conditional Cart Fee Extra Charge Rule For Woocommerce Extra Fees
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28991 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Pi Woocommerce Order Date Time And Type
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28988 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Add To Cart Direct Checkout For Woocommerce
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-22359 MEDIUM This Month

User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Checkmk
NVD
CVSS 3.1
4.3
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy