Skip to main content
CVE-2023-4743 MEDIUM POC This Month

A vulnerability was found in Dreamer CMS up to 4.1.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Dreamer Cms
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-39373 MEDIUM This Month

A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hyundai 2017 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-39371 MEDIUM This Month

StarTrinity Softswitch version 2023-02-16 - Open Redirect (CWE-601). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Softswitch
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-39369 MEDIUM This Month

StarTrinity Softswitch version 2023-02-16 - Multiple Reflected XSS (CWE-79). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Softswitch
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-37221 MEDIUM This Month

7Twenty BOT - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bot
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41180 MEDIUM This Month

Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C++ versions 0.13 to 0.14 allows an intermediary to present a forged certificate during TLS handshake negotation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Nifi Minifi C
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-39370 MEDIUM This Month

StarTrinity Softswitch version 2023-02-16 - Persistent XSS (CWE-79). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Softswitch
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-38516 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Audio Player With Playlist Ultimate
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-37222 MEDIUM This Month

Farsight Tech Nordic AB ProVide version 14.5 - Multiple XSS vulnerabilities (CWE-79) can be exploited by a user with administrator privilege. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Provide Server
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-38521 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Exifography
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-38518 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Borderless
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-38517 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wrc Pricing Tables
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-38482 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Post Affiliate Pro
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-38476 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Client Portal
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-38387 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic XSS Elastic Email Sender
NVD
CVSS 3.1
4.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy