Skip to main content
CVE-2023-2272 MEDIUM POC This Month

The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tiempo
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-2123 MEDIUM POC This Month

The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Inventory Manager
NVD GitHub WPScan
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-2122 MEDIUM POC This Month

The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin panel, leading to a reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Image Optimizer
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-1465 MEDIUM POC This Month

The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Easypay
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-0058 MEDIUM POC This Month

The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Tiempo
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-4384 MEDIUM POC This Month

A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.140 and classified as problematic. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Portal Executivo
NVD VulDB
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-4382 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in tdevs Hyip Rio 2.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hyip Rio
NVD VulDB Exploit-DB
CVSS 3.1
5.4
EPSS
1.1%
CVE-2023-38904 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in Netlify CMS v.2.10.192 allows a remote attacker to execute arbitrary code via a crafted payload to the body parameter of the new post function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Netlify Cms
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-1110 MEDIUM POC This Month

The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Yellow Yard Searchbar
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0551 MEDIUM POC This Month

The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Rest Api To Miniprogram
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-0274 MEDIUM POC This Month

The URL Params WordPress plugin before 2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Url Params
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-40021 MEDIUM POC PATCH This Month

Oppia is an online learning platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

CSRF Oppia
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-2254 MEDIUM POC This Month

The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ko Fi Button
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2225 MEDIUM POC This Month

The SEO ALert WordPress plugin through 1.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Seo Alert
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2271 MEDIUM POC This Month

The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Tiempo
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-32490 MEDIUM This Month

Dell PowerScale OneFS 8.2x -9.5x contains an improper privilege management vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-32489 MEDIUM This Month

Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-32494 MEDIUM This Month

Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-20221 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service CSRF Video Phone 8875 Firmware Ip Phone 6821 With Multiplatform Firmware +21
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-20111 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-40347 MEDIUM This Month

Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Maven Artifact Choicelistprovider Nexus
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-40345 MEDIUM PATCH This Month

Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Delphix
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-32491 MEDIUM This Month

Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-28075 MEDIUM This Month

Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. Rated medium severity (CVSS 6.3). No vendor patch available.

RCE Dell Alienware M15 R7 Firmware Alienware M16 Firmware Alienware M18 Firmware +239
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-20222 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Evolved Programmable Network Manager Prime Infrastructure
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-20242 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Unified Communications Manager Unified Communications Manager Im And Presence Service
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-20228 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Encs 5100 Firmware Encs 5400 Firmware Ucs C220 M5 Rack Server Firmware +3
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30871 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Stock Exporter For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30779 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Query Wrangler
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30785 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Video Grid
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30782 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Church Admin
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30473 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Yml For Yandex Market
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-39507 MEDIUM This Month

Improper authorization in the custom URL scheme handler in "Rikunabi NEXT" App for Android prior to ver. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Rikunabi Next
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-26140 MEDIUM PATCH This Month

Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerable to Cross-site Scripting (XSS) via embedded links in whiteboard objects due to improper input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Excalidraw
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-40343 MEDIUM PATCH This Month

Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure Tuleap Authentication
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-20217 MEDIUM This Month

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges on an affected device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Thousandeyes Enterprise Agent Thousandeyes Recorder
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4385 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-39250 MEDIUM This Month

Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Dell Replay Manager For Vmware Storage Integration Tools For Vmware +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-2737 MEDIUM This Month

Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Microsoft Safenet Authentication Service
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-35011 MEDIUM PATCH This Month

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

SSRF IBM Cognos Analytics
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-20205 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Evolved Programmable Network Manager Prime Infrastructure
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-20203 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Evolved Programmable Network Manager Prime Infrastructure
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-20201 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Evolved Programmable Network Manager Prime Infrastructure
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40350 MEDIUM This Month

Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Docker Docker Swarm
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-40346 MEDIUM PATCH This Month

Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Shortcut Job
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40342 MEDIUM PATCH This Month

Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Flaky Test Handler
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-30784 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Kaya Qr Code Generator
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-35009 MEDIUM PATCH This Month

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cognos Analytics
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-20232 MEDIUM PATCH This Month

A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Cisco Information Disclosure Unified Contact Center Express
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-40349 MEDIUM This Month

Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Gogs
NVD
CVSS 3.1
5.3
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy