Skip to main content
CVE-2023-36317 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Student Study Center Desk Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-20168 MEDIUM This Month

A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Nx Os
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-41104 MEDIUM PATCH This Month

libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Information Disclosure Authentication Bypass Varnish Enterprise Vmod Digest
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-20200 MEDIUM This Month

A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Firepower 9300 Firmware Firepower 4143 Firmware Firepower 4112 Firmware +5
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2023-41098 MEDIUM PATCH This Month

An issue was discovered in MISP 2.4.174. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Misp
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32509 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Order Your Posts Manually
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32300 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Yoast Seo
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28994 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Flatsome
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32499 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Radio Station
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32236 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Appointments Booking Calendar
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32119 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Mail Integration For Office 365 Outlook
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-20234 MEDIUM This Month

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower Extensible Operating System
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2023-39441 MEDIUM PATCH This Month

Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apache OpenSSL Information Disclosure Airflow Apache Airflow Providers Imap +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-4042 MEDIUM This Month

A flaw was found in ghostscript. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Red Hat Ghostscript Codeready Linux Builder +7
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-39986 MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Read vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially disclose information on affected EH-VIEW installations. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Eh View
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-40176 MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
78.9%
CVE-2023-20230 MEDIUM This Month

A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Application Policy Infrastructure Controller
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-20115 MEDIUM This Month

A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nx Os
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40282 MEDIUM This Month

Improper authentication vulnerability in Rakuten WiFi Pocket all versions allows a network-adjacent attacker to log in to the product's Management Screen. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wifi Pocket Firmware
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-40178 MEDIUM PATCH This Month

Node-SAML is a SAML library not dependent on any frameworks that runs in Node. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Node Saml
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-41100 MEDIUM PATCH This Month

An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) extension before 2.1.2 for TYPO3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Form Project
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-32505 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Easy Hide Login
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-32498 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Easy Form
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-32497 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Block Referer Spam
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-32496 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Block Bad Bots And Stop Bad Bots Crawlers And Spiders And Anti Spam Protection
NVD
CVSS 3.1
4.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy