Skip to main content
CVE-2023-3574 MEDIUM POC PATCH This Month

Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Customer Management Framework
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-3566 MEDIUM POC This Month

A vulnerability was found in wallabag 2.5.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wallabag
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-24488 MEDIUM POC THREAT This Month

Cross site scripting vulnerability in Citrix ADC and Citrix Gateway in allows and attacker to perform cross site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Citrix Gateway Application Delivery Controller
NVD
CVSS 3.1
6.1
EPSS
80.9%
CVE-2023-36939 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the search booking field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Hostel Management System
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-36936 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security Guards Hiring System using PHP and MySQL 1.0 allows attackers to execute arbitrary code via a crafted payload to the search. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Online Security Guards Hiring System
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-3118 MEDIUM POC This Month

The Export All URLs WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Export All Urls
NVD WPScan
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-37153 MEDIUM POC This Month

KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability in the Description box of the Light App creation feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kodexplorer
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-1780 MEDIUM POC This Month

The Companion Sitemap Generator WordPress plugin before 4.5.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Companion Sitemap Generator
NVD WPScan
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-1119 MEDIUM POC This Month

The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that removes the escaping on some HTML characters, leading to a cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Srbtranslatin Wp Optimize
NVD WPScan
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-36375 MEDIUM POC This Month

Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Hostel Management System
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-3565 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-2964 MEDIUM POC This Month

The Simple Iframe WordPress plugin before 1.2.0 does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Iframe
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-2529 MEDIUM POC This Month

The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Enable Svg Uploads
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3219 MEDIUM POC This Month

The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Eventon
NVD WPScan Exploit-DB
CVSS 3.1
5.3
EPSS
7.4%
CVE-2023-2796 MEDIUM POC THREAT This Month

The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Eventon
NVD WPScan Exploit-DB
CVSS 3.1
5.3
EPSS
42.7%
CVE-2023-36940 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL v.1.2 allows attackers to execute arbitrary code via a crafted payload injected into the search. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Online Fire Reporting System
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-3225 MEDIUM POC This Month

The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Float Menu
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-3175 MEDIUM POC This Month

The AI ChatBot WordPress plugin before 4.6.1 does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpbot
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-3129 MEDIUM POC This Month

The URL Shortify WordPress plugin before 1.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Url Shortify
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-36376 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the add course section. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hostel Management System
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2967 MEDIUM POC This Month

The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tinymce Custom Styles
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2709 MEDIUM POC This Month

The AN_GradeBook WordPress plugin through 5.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS An Gradebook
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2635 MEDIUM POC This Month

The Call Now Accessibility Button WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Call Now Accessibility Button
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2578 MEDIUM POC This Month

The Buy Me a Coffee WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Buy Me A Coffee
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2029 MEDIUM POC This Month

The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Prepost Seo
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2028 MEDIUM POC This Month

The Call Now Accessibility Button WordPress plugin before 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Call Now Accessibility Button
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2026 MEDIUM POC This Month

The Image Protector WordPress plugin through 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Image Protector
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-3580 MEDIUM POC PATCH This Month

Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Squidex
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-3131 MEDIUM POC This Month

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Mstore Api
NVD WPScan
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-2495 MEDIUM POC This Month

The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtrans_ajax_old AJAX action, allowing unauthenticated and low-privilege users to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Greeklish Permalink
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-29256 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Microsoft IBM Db2
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-28955 MEDIUM PATCH This Month

IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an authenticated user send a specially crafted request that could cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Watson Knowledge Catalog On Cloud Pak For Data
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-2853 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Softmed SelfPatron allows Reflected XSS.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Selfpatron
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3564 MEDIUM This Month

A vulnerability was found in GZ Scripts GZ Multi Hotel Booking System 1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Gz Multi Hotel Booking System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3563 MEDIUM This Month

A vulnerability was found in GZ Scripts GZ E Learning Platform 1.8 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gz E Learning Platform
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3562 MEDIUM This Month

A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Php Crm Platform
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3561 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in GZ Scripts PHP GZ Hotel Booking Script 1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Php Gz Hotel Booking Script
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3560 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in GZ Scripts Ticket Booking Script 1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Ticket Booking Script
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3559 MEDIUM This Month

A vulnerability classified as problematic was found in GZ Scripts PHP GZ Appointment Scheduling Script 1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Php Gz Appointment Scheduling Script
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3557 MEDIUM This Month

A vulnerability was found in GZ Scripts Property Listing Script 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Property Listing Script
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3556 MEDIUM This Month

A vulnerability was found in GZ Scripts Car Listing Script PHP 1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Car Listing Script Php
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3555 MEDIUM This Month

A vulnerability was found in GZ Scripts PHP Vacation Rental Script 1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Php Vacation Rental Script
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3554 MEDIUM This Month

A vulnerability was found in GZ Scripts GZ Forum Script 1.8 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Gz Forum Script
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-37150 MEDIUM This Month

Sourcecodester Online Pizza Ordering System v1.0 has a Cross-site scripting (XSS) vulnerability in "/admin/index.php?page=categories" Category item. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Online Pizza Ordering System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-24486 MEDIUM This Month

A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Citrix Workspace
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32627 MEDIUM This Month

A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Sound Exchange Extra Packages For Enterprise Linux Fedora Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-26590 MEDIUM This Month

A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Sound Exchange Extra Packages For Enterprise Linux Fedora Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23348 MEDIUM This Month

HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hcl Launch
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-1183 MEDIUM PATCH This Month

A flaw was found in the Libreoffice package. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Libreoffice Fedora Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
64.6%
CVE-2023-30963 MEDIUM This Month

A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Foundry Frontend
NVD
CVSS 3.1
5.4
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy