Skip to main content
CVE-2023-43323 MEDIUM POC This Month

mooSocial 3.1.8 is vulnerable to external service interaction on post function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Moosocial
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2023-5215 MEDIUM POC This Month

A flaw was found in libnbd. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libnbd Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-38873 MEDIUM POC This Month

The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Economizzer
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-41447 MEDIUM POC This Month

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP Ajaxnewsticker
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-41446 MEDIUM POC This Month

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP Ajaxnewsticker
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-26149 MEDIUM POC PATCH This Month

Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Quill Mention
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-5244 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-44174 MEDIUM POC This Month

Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Stored Cross-Site Scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Movie Ticket Booking System
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-44173 MEDIUM POC This Month

Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Movie Ticket Booking System
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-43884 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subrion
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-43878 MEDIUM POC This Month

Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Ritecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43876 MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS October
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-43874 MEDIUM POC This Month

Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS E107 Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-43873 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name filed in the Manage Menu. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS E107 Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43872 MEDIUM POC This Month

A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Cms Made Simple
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43871 MEDIUM POC This Month

A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Wbce Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-44276 MEDIUM POC PATCH This Month

OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Opnsense
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-44275 MEDIUM POC PATCH This Month

OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Opnsense
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-38871 MEDIUM POC This Month

The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Economizzer
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-43879 MEDIUM POC This Month

Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Ritecms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-42756 MEDIUM POC PATCH This Month

A flaw was found in the Netfilter subsystem of the Linux kernel. Rated medium severity (CVSS 4.7). Public exploit code available.

Race Condition Denial Of Service Linux Linux Kernel Enterprise Linux +2
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-5233 MEDIUM This Month

The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Font Awesome Integration
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-5232 MEDIUM This Month

The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Font Awesome More Icons
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-5230 MEDIUM This Month

The TM WooCommerce Compare & Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'tm_woo_wishlist_table' shortcode in versions up to, and including, 1.1.7 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Tm Woocommerce Compare Wishlist
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-43657 MEDIUM PATCH This Month

discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Discourse Encrypt
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-41911 MEDIUM This Month

Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Exynos 2200 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-43664 MEDIUM PATCH This Month

PrestaShop is an Open Source e-commerce web application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Prestashop
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-43663 MEDIUM PATCH This Month

PrestaShop is an Open Source e-commerce web application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Prestashop
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy