Skip to main content
CVE-2023-37256 MEDIUM POC This Month

An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-37255 MEDIUM POC This Month

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-37254 MEDIUM POC This Month

An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-34599 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gibbon
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2023-34486 MEDIUM POC This Month

itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Online Hotel Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-33661 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupReports.php via GroupRole, ReportModel, and OnlyCart parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Churchcrm
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-26966 MEDIUM POC PATCH This Month

libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libtiff
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-25433 MEDIUM POC PATCH This Month

libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libtiff
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-36476 MEDIUM POC PATCH This Month

calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Calamares Nixos Extensions
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-36471 MEDIUM POC PATCH This Month

Xwiki commons is the common modules used by other XWiki top level projects. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Commons
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-34831 MEDIUM POC This Month

The "Submission Web Form" of Turnitin LTI tool/plugin version 1.3 is affected by HTML Injection attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ithacalabs Turnitin Lti
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-34834 MEDIUM POC This Month

A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the "/file". Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Mcl Net Firmware
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
4.0%
CVE-2023-34734 MEDIUM POC This Month

Annet AC Centralized Management Platform 1.02.040 is vulnerable to Stored Cross-Site Scripting (XSS) . Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Annet Ac Centralized Management Platform
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-3465 MEDIUM This Month

A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Classified Ads Script Php
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3464 MEDIUM This Month

A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Classified Ads Script Php
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-36484 MEDIUM This Month

ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ilias
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-37251 MEDIUM This Month

An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34648 MEDIUM This Month

A Cross Site Scripting vulnerability in PHPgurukl User Registration Login and User Management System with admin panel v.1.0 allows a local attacker to execute arbitrary code via a crafted script to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE XSS User Registration Login And User Management System With Admin Panel
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30955 MEDIUM This Month

A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Foundry Workspace Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-36488 MEDIUM This Month

ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ilias
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-36607 MEDIUM This Month

The affected TBox RTUs are missing authorization for running some API commands. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware Tbox Lt2 Firmware Tbox Tg2 Firmware +1
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-34658 MEDIUM This Month

Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Telegram
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-36617 MEDIUM PATCH This Month

A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Uri
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2023-1602 MEDIUM PATCH This Month

The Short URL plugin for WordPress is vulnerable to stored Cross-Site Scripting via the 'comment' parameter due to insufficient input sanitization and output escaping in versions up to, and. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress XSS Short Url
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-30946 MEDIUM This Month

A security defect was identified in Foundry Issues. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Foundry Issues
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy