Skip to main content
CVE-2023-36256 MEDIUM POC This Month

The Online Examination System Project 1.0 version is vulnerable to Cross-Site Request Forgery (CSRF) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Online Examination System
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-29998 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS G3W Suite
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-3532 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to 0.70.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Outline
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-37269 MEDIUM POC PATCH This Month

Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Winter
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
2.7%
CVE-2023-37264 MEDIUM POC This Month

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Tekton Pipelines
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-35765 MEDIUM This Month

PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure M Bus 900S Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-3544 MEDIUM This Month

A vulnerability was found in GZ Scripts Time Slot Booking Calendar PHP 1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Time Slot Booking Calendar Php
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3543 MEDIUM This Month

A vulnerability was found in GZ Scripts Availability Booking Calendar PHP 1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Availability Booking Calendar Php
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3542 MEDIUM This Month

A vulnerability was found in ThinuTech ThinuCMS 1.5 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Thinu Cms
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3541 MEDIUM This Month

A vulnerability has been found in ThinuTech ThinuCMS 1.5 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Thinu Cms
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3540 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in SimplePHPscripts NewsLetter Script PHP 2.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Newsletter Script Php
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3539 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in SimplePHPscripts Simple Forum PHP 2.7.php of the component URL Parameter Handler. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Simple Forum Php
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3537 MEDIUM This Month

A vulnerability classified as problematic has been found in SimplePHPscripts News Script PHP Pro 2.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS News Script Php Pro
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3536 MEDIUM This Month

A vulnerability was found in SimplePHPscripts Funeral Script PHP 3.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Funeral Script Php
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3535 MEDIUM This Month

A vulnerability was found in SimplePHPscripts FAQ Script PHP 2.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Faq Script Php
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32652 MEDIUM This Month

PiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS M Bus 900S Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-35890 MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Websphere Application Server
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-20133 MEDIUM This Month

A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Webex Meetings
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-3538 MEDIUM This Month

A vulnerability classified as problematic was found in SimplePHPscripts Photo Gallery PHP 2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Photo Gallery Php
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-37308 MEDIUM This Month

Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
5.4
EPSS
1.9%
CVE-2023-34197 MEDIUM This Month

Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zoho Authentication Bypass Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp +1
NVD
CVSS 3.1
5.4
EPSS
3.5%
CVE-2023-33008 MEDIUM PATCH This Month

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Deserialization Johnzon
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2023-37067 MEDIUM PATCH This Month

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Chamilo
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-37066 MEDIUM PATCH This Month

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Chamilo
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-37065 MEDIUM PATCH This Month

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Chamilo
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-37064 MEDIUM PATCH This Month

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Chamilo
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-37063 MEDIUM PATCH This Month

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Chamilo
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-37062 MEDIUM PATCH This Month

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories' definition. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Chamilo
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-37061 MEDIUM PATCH This Month

Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Chamilo
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-20180 MEDIUM This Month

A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Webex Meetings
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy