Skip to main content
CVE-2023-5631 MEDIUM POC KEV PATCH THREAT This Month

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Webmail Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.4
EPSS
75.9%
CVE-2023-45630 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gallery
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20261 MEDIUM This Month

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Catalyst Sd Wan Manager
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-35083 MEDIUM This Month

Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Manager
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-45909 MEDIUM PATCH This Month

zzzcms v2.2.0 was discovered to contain an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Zzzphp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45958 MEDIUM PATCH This Month

Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backup_pagination parameter at /controller/AdminController.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP XSS Thirty Bees
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45632 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Spidervplayer
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45602 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ebook Store
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-30781 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tweeple
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45071 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Form Maker
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45070 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Form Maker
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45065 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bulk Noindex Nofollow Toolkit
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-32089 MEDIUM This Month

Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Platform
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-32088 MEDIUM This Month

Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Platform
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-32087 MEDIUM This Month

Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Platform
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45064 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Opcache Dashboard
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45062 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Canvasio3D Light
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45054 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Product Category Tree
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-25476 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ampedsense
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45628 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Qr Twitter Widget
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-45607 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wordpress Popular Posts
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-45608 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Smart Cookie Kit
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-45067 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wordpress Simple Html Sitemap
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-31217 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS User Location And Ip
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-45059 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gumroad
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-45049 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Youtube Playlist Player
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-45814 MEDIUM PATCH This Month

Bunkum is an open-source protocol-agnostic request server for custom game servers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Bunkum
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-45604 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Get Custom Field Values
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-45073 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mendeley Plugin
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-45072 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Order Auto Complete For Woocommerce
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-45057 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Web Analytics
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-45056 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open User Map
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-45051 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Image Vertical Reel Scroll Slideshow
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-45008 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Comment Reply Email
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-5621 MEDIUM This Month

The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Title field in versions up to, and including, 1.0 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress Thumbnail Slider With Lightbox
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-4938 MEDIUM This Month

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Bear Woocommerce Bulk Editor And Products Manager Professional
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-3254 MEDIUM PATCH This Month

The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Google PHP WordPress CSRF Widgets For Google Reviews
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy