Skip to main content
CVE-2023-5452 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Snipe It
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-44771 MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Zenario
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-44770 MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Zenario
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-44765 MEDIUM POC PATCH This Month

A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Concrete Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-44764 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2.3 exists via the Name parameter during installation (aka Site of Installation or Settings). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Concrete Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-44762 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Concrete Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-44761 MEDIUM POC PATCH This Month

Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Concrete Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-44758 MEDIUM POC This Month

GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Gdidees Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-44766 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Concrete Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-21244 MEDIUM PATCH This Month

In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-45322 MEDIUM PATCH This Month

libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Libxml2
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-23366 MEDIUM This Month

A path traversal vulnerability has been reported to affect Music Station. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Music Station
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-23365 MEDIUM This Month

A path traversal vulnerability has been reported to affect Music Station. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Music Station
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-21291 MEDIUM PATCH This Month

In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21253 MEDIUM PATCH This Month

In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21252 MEDIUM PATCH This Month

In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-5366 MEDIUM PATCH This Month

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Openvswitch Openshift Container Platform Virtualization Enterprise Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-45245 MEDIUM This Month

Sensitive information disclosure due to missing authorization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Apple Information Disclosure Authentication Bypass Agent
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29235 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Fugu Design Maintenance Switch maintenance-switch allows Cross Site Request Forgery.7.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-4469 MEDIUM This Month

The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Profile Extra Fields
NVD VulDB
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-42445 MEDIUM This Month

Gradle is a build tool with a focus on build automation and support for multi-language development. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Gradle
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-23371 MEDIUM This Month

A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Qvpn
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-23370 MEDIUM This Month

An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Qvpn
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-44384 MEDIUM PATCH This Month

Discourse-jira is a Discourse plugin allows Jira projects, issue types, fields and field options will be synced automatically. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity.

SSRF Atlassian Discourse Jira
NVD GitHub
CVSS 3.1
4.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy