Skip to main content
CVE-2023-4455 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Wallabag
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-3954 MEDIUM POC This Month

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Multiparcels Shipping For Woocommerce
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3936 MEDIUM POC This Month

The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Blog2Social
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-4454 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

CSRF Wallabag
NVD GitHub
CVSS 3.1
5.7
EPSS
0.2%
CVE-2023-39094 MEDIUM POC This Month

Cross Site Scripting vulnerability in ZeroWdd studentmanager v.1.0 allows a remote attacker to execute arbitrary code via the username parameter in the student list function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Studentmanager
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4453 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3667 MEDIUM POC This Month

The Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bit Assist
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-3366 MEDIUM POC This Month

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Multiparcels Shipping For Woocommerce
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-4417 MEDIUM This Month

Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Hashicorp Remote Desktop Manager
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-4456 MEDIUM This Month

A flaw was found in openshift-logging LokiStack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openshift Logging
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-4303 MEDIUM PATCH This Month

Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Fortify
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3481 MEDIUM PATCH This Month

Critters versions 0.0.17-0.0.19 have an issue when parsing the HTML, which leads to a potential cross-site scripting (XSS) bug. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Critters
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-39543 MEDIUM This Month

Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Luxcal Web Calendar
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-4459 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-4301 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Fortify
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-40068 MEDIUM This Month

Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Advanced Custom Fields
NVD
CVSS 3.1
5.4
EPSS
1.5%
CVE-2023-4302 MEDIUM PATCH This Month

A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Fortify
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy