Skip to main content
CVE-2023-41249 MEDIUM This Month

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
53.1%
CVE-2023-32797 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Video Carousel Slider With Lightbox
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-32603 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Smart Donations
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32598 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Featured Image Pro Post Grid
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32518 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Chinese Conversion
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4520 MEDIUM PATCH This Month

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_fv_player_user_video’ parameter saved via the 'save' function hooked via init, and the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Fv Flowplayer Video Player
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-39288 MEDIUM This Month

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Mivoice Connect
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-39287 MEDIUM This Month

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Mivoice Connect
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-41248 MEDIUM This Month

In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-25981 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Post Form
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-32576 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Locatoraid Store Locator
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40577 MEDIUM PATCH This Month

Alertmanager handles alerts sent by client applications such as the Prometheus server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Alertmanager Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-38973 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Badaso
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-40587 MEDIUM PATCH This Month

Pyramid is an open source Python web framework. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Python Pyramid Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-25848 MEDIUM This Month

ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arcgis Server
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-3425 MEDIUM This Month

Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Classic Web
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-32755 MEDIUM This Month

e-Excellence U-Office Force generates an error message in webiste service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft U Office Force
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-40570 MEDIUM PATCH This Month

Datasette is an open source multi-tool for exploring and publishing data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Datasette
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-40217 MEDIUM This Month

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-40182 MEDIUM This Month

Silverware Games is a premium social network where people can play games online. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Silverwaregames
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-40179 MEDIUM This Month

Silverware Games is a premium social network where people can play games online. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Silverwaregames
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-39291 MEDIUM This Month

A vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges to conduct an information disclosure. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mivoice Connect
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-39290 MEDIUM This Month

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges to conduct an information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mivoice Connect
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-41167 MEDIUM PATCH This Month

@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Webiny
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-32596 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Weebotlite
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-32595 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sunny Search
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-32575 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Woocommerce
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-24394 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Iframe
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-32591 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dbargain
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-32584 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ebecas
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-32577 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Twitter Feed
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-40530 MEDIUM This Month

Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Google Authentication Bypass Skylark
NVD
CVSS 3.1
4.7
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy