Skip to main content
CVE-2023-5701 MEDIUM POC This Month

A vulnerability has been found in vnotex vnote up to 3.17.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vnote
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-5699 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in CodeAstro Internet Banking System 1.0.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Internet Banking System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5698 MEDIUM POC This Month

A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Internet Banking System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5697 MEDIUM POC This Month

A vulnerability classified as problematic has been found in CodeAstro Internet Banking System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Internet Banking System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-46332 MEDIUM POC This Month

WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Webassembly Binary Toolkit
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-43358 MEDIUM POC This Month

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Cms Made Simple
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-37636 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Uvdesk
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-44760 MEDIUM POC This Month

Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO &. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Concrete Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-27149 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Osticket
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-27148 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Osticket
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-5718 MEDIUM POC This Month

The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard `postMessage()` API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Devtools
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-43067 MEDIUM This Month

Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Dell Unity Operating Environment Unity Xt Operating Environment Unityvsa Operating Environment
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-28803 MEDIUM This Month

An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass.9. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Client Connector
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-5702 MEDIUM POC THREAT This Month

A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vitogate 300 Firmware
NVD GitHub VulDB Exploit-DB
CVSS 3.1
6.5
EPSS
14.5%
CVE-2023-45802 MEDIUM This Month

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Http Server Fedora Debian Linux
NVD
CVSS 3.1
5.9
EPSS
3.0%
CVE-2023-46331 MEDIUM This Month

WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Webassembly Binary Toolkit
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-43624 MEDIUM This Month

CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper restriction of XML external entity reference (XXE) vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Cx Designer
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-45998 MEDIUM This Month

kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Kodbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-38722 MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-46127 MEDIUM PATCH This Month

Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Frappe
NVD GitHub
CVSS 3.1
5.4
EPSS
37.0%
CVE-2023-43065 MEDIUM This Month

Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dell Unity Operating Environment Unity Xt Operating Environment Unityvsa Operating Environment
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-28804 MEDIUM This Month

An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.4.0.105. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Client Connector
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-33840 MEDIUM PATCH This Month

IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Verify Governance
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-46288 MEDIUM PATCH This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.4.0 to 2.7.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Airflow
NVD GitHub
CVSS 3.1
4.3
EPSS
1.4%
CVE-2023-37532 MEDIUM This Month

HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Commerce
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy