mooSocial 3.1.8 is vulnerable to external service interaction on post function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in libnbd. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Stored Cross-Site Scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name filed in the Manage Menu. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in the Netfilter subsystem of the Linux kernel. Rated medium severity (CVSS 4.7). Public exploit code available.
The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The TM WooCommerce Compare & Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'tm_woo_wishlist_table' shortcode in versions up to, and including, 1.1.7 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
PrestaShop is an Open Source e-commerce web application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
PrestaShop is an Open Source e-commerce web application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.