Skip to main content
CVE-2023-5153 MEDIUM POC This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-8000 up to 20151231. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP SQLi Dar 7000 Firmware
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.7%
CVE-2023-5152 MEDIUM POC This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP SQLi Dar 8000 Firmware
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
7.0%
CVE-2023-42426 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Froala Editor
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-43326 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Moosocial
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2023-4549 MEDIUM POC This Month

The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Dologin Security
NVD WPScan
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-4476 MEDIUM POC This Month

The Locatoraid Store Locator WordPress plugin before 3.9.24 does not sanitise and escape the lpr-search parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Locatoraid
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4148 MEDIUM POC This Month

The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ditty
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-43339 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Cms Made Simple
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-43458 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Resort Reservation System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the room, name, and description. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Resort Reservation System
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43456 MEDIUM POC This Month

Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Service Provider Management System
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-4631 MEDIUM POC This Month

The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Dologin Security
NVD WPScan
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-4281 MEDIUM POC This Month

This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Activity Log
NVD WPScan
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-4502 MEDIUM POC This Month

The Translate WordPress with GTranslate WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Translate Wordpress With Gtranslate
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-3226 MEDIUM POC This Month

The Popup Builder WordPress plugin before 4.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4892 MEDIUM POC This Month

Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teedy
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2023-4258 MEDIUM PATCH This Month

In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-43132 MEDIUM This Month

szvone vmqphp <=1.13 is vulnerable to SQL Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Vmqphp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-5166 MEDIUM This Month

Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL.23.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Docker Desktop
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-43256 MEDIUM PATCH This Month

A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Gladys Assistant
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-43319 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Webclient
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41871 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Poll Maker
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41868 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Stagtools
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41867 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Acymailing
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41863 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Peprodev Cf7 Database
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41872 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Woodmart
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41874 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Order Delivery Date For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5158 MEDIUM PATCH This Month

A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-42817 MEDIUM PATCH This Month

Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Admin Classic Bundle
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-41295 MEDIUM This Month

Vulnerability of improper permission management in the displayengine module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-41949 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ifolders
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-41948 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cookie Notice Consent
NVD
CVSS 3.1
4.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy