Skip to main content
CVE-2023-37745 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Maid Hiring Management System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-37744 MEDIUM This Month

Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-booking-request.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Maid Hiring Management System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-37743 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Teacher Subject Allocation System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search text box. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teacher Subject Allocation System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3660 MEDIUM This Month

A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Retro Cellphone Online Store
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3659 MEDIUM This Month

A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ac Repair And Services System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-29457 MEDIUM PATCH This Month

Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Frontend
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-29455 MEDIUM PATCH This Month

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Frontend
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-37561 MEDIUM This Month

Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Wrh 300Wh H Firmware Wtc 300Hwh Firmware Wtc C1167Gc B Firmware Wtc C1167Gc W Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-37560 MEDIUM This Month

Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wrh 300Wh H Firmware Wtc 300Hwh Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-30559 MEDIUM This Month

The firmware update package for the wireless card is not properly signed and can be modified. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Alaris 8015 Pcu Firmware
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2023-37468 MEDIUM PATCH This Month

Feedbacksystem is a personalized feedback system for students using artificial intelligence. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Feedbacksystem
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21260 MEDIUM This Month

In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21249 MEDIUM PATCH This Month

In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time permission retention due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21243 MEDIUM PATCH This Month

In validateForCommonR1andR2 of PasspointConfiguration.java, there is a possible way to inflate the size of a config file with no limits due to a buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21240 MEDIUM PATCH This Month

In Policy of Policy.java, there is a possible boot loop due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21239 MEDIUM PATCH This Month

In visitUris of Notification.java, there is a possible way to leak image data across user boundaries due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Session Fixation Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21238 MEDIUM PATCH This Month

In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Session Fixation Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-20942 MEDIUM PATCH This Month

In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-3319 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iDisplay PlatPlay DS allows Stored XSS.14. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-37272 MEDIUM PATCH This Month

JS7 is an Open Source Job Scheduler. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jobscheduler
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-31705 MEDIUM This Month

A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester Task Reminder System 1.0 allows an authenticated user to inject malicious javascript into the page parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Task Reminder System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-29456 MEDIUM PATCH This Month

URL validation scheme receives input from a user and then parses it to identify its various components. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Frontend
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-29454 MEDIUM This Month

Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Frontend
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-29452 MEDIUM This Month

Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zabbix
NVD
CVSS 3.1
5.4
EPSS
62.0%
CVE-2023-2200 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-34458 MEDIUM PATCH This Month

mx-chain-go is the official implementation of the MultiversX blockchain protocol, written in golang. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Mx Chain Go
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2023-3362 MEDIUM This Month

An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-34131 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages.3.2-SP1 and earlier. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicwall Analytics Global Management System
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-29449 MEDIUM This Month

JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Zabbix
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2023-37275 MEDIUM PATCH This Month

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Autogpt Classic
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-2576 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-3363 LOW Monitor

An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
3.8
EPSS
0.2%
CVE-2023-2620 LOW Monitor

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
3.8
EPSS
0.5%
CVE-2023-30565 LOW Monitor

An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Guardrails Cqi Reporter
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2023-21246 LOW PATCH Monitor

In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-21262 LOW PATCH Monitor

In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Android
NVD
CVSS 3.1
3.1
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy