Skip to main content
CVE-2023-39714 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Free And Open Source Inventory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-39710 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Free And Open Source Inventory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-39703 MEDIUM POC This Month

A cross site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted Markdown file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Typora
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-40969 MEDIUM POC This Month

Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Senayan Library Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-4722 MEDIUM POC PATCH This Month

Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4721 MEDIUM POC PATCH This Month

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4720 MEDIUM POC PATCH This Month

Floating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4704 MEDIUM POC PATCH This Month

External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Instantcms
NVD GitHub
CVSS 3.1
4.9
EPSS
0.7%
CVE-2023-25488 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wp Default Feature Image
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-24675 MEDIUM POC This Month

Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Bludit
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-3210 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-3205 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-41046 MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2023-4710 MEDIUM This Month

A vulnerability classified as problematic was found in TOTVS RM 12.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rm
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41049 MEDIUM PATCH This Month

@dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Node.js XSS Single Sign On Client
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4707 MEDIUM This Month

A vulnerability was found in Infosoftbd Clcknshop 1.0.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Clcknshop
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-37830 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Contwise Case2
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-37829 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Contwise Case2
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-37828 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Contwise Case2
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-37827 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Contwise Case2
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-37826 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Contwise Case2
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-37997 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Post List With Featured Image
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-37893 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Coming Soon Chop Chop
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-1279 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Open Redirect
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41633 MEDIUM This Month

Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Catdoc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-37994 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Art Decoration Shortcode
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-23763 MEDIUM This Month

An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-4018 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-39582 MEDIUM PATCH This Month

SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

SQLi Chamilo Lms
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-37986 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wordpress Yourmembership Single Sign On
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-34011 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Shopconstruct
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-25477 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Video Gallery
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25044 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Social Share Boost
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25042 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Oauth Twitter Feed For Developers
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-24412 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Image Social Feed
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-41051 MEDIUM PATCH This Month

In a typical Virtual Machine Monitor (VMM) there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Vm Memory
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2023-4378 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-1555 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-0120 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy