Skip to main content
CVE-2023-2507 MEDIUM POC PATCH This Month

CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Clevertap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-3681 MEDIUM POC This Month

A vulnerability classified as problematic was found in Campcodes Retro Cellphone Online Store 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Retro Cellphone Online Store
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-38350 MEDIUM POC This Month

PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pnp4Nagios
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-30791 MEDIUM POC This Month

Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Plane
NVD GitHub
CVSS 3.1
4.6
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy