Skip to main content
CVE-2023-27576 MEDIUM POC This Month

An issue was discovered in phpList before 3.6.14. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Phplist
NVD GitHub
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-38910 MEDIUM POC This Month

CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Csz Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-38911 MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Csz Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-4422 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Cockpit
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-40037 MEDIUM PATCH This Month

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Nifi
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-32122 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Spiffy Calendar
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-32109 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Albo Pretorio Online
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32108 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Albo Pretorio Online
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30499 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fv Flowplayer Video Player
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32107 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Photo Gallery
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32106 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Docs
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32105 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wppizza
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-31218 MEDIUM This Month

Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF - WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.6 versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS CSRF Wolf Wordpress Posts Bulk Editor And Products Manager Professional
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-31094 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Stock Sync For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27471 MEDIUM This Month

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Insydeh2o
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29387 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Manager For Icomoon
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-32103 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tp Education
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4040 MEDIUM PATCH This Month

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Stripe Payment Plugin For Woocommerce
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-32130 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Multi Rating
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-31232 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Plugins List
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-31228 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cm Search And Replace
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-30875 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Logo Scheduler
NVD
CVSS 3.1
4.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy