Skip to main content
CVE-2023-45750 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nexter Extension
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45637 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Eventprime
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45634 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Copy Or Move Comments
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3010 MEDIUM This Month

Grafana is an open-source platform for monitoring and observability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Grafana XSS Worldmap Panel
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34447 MEDIUM PATCH This Month

iTop is an open source, web-based IT service management platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Itop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-34446 MEDIUM PATCH This Month

iTop is an open source, web-based IT service management platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Itop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1356 MEDIUM This Month

Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Idweb
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45754 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form allows Stored XSS.0.18. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Easy Testimonial Slider And Form
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-43509 MEDIUM This Month

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to send notifications to computers that are running ClearPass OnGuard. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Clearpass Policy Manager
NVD
CVSS 3.1
5.8
EPSS
0.6%
CVE-2023-5745 MEDIUM This Month

The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Reusable Text Blocks
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-42854 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-42850 MEDIUM This Month

The issue was addressed with improved permissions logic. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42842 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-41254 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-41077 MEDIUM This Month

An app may be able to access protected user data. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-41072 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-40449 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-40444 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-40421 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-40413 MEDIUM This Month

The issue was addressed with improved handling of caches. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-46316 MEDIUM This Month

In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Traceroute Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-46659 MEDIUM This Month

Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Edgewall Trac
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-46650 MEDIUM PATCH This Month

Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Github
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-46126 MEDIUM PATCH This Month

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Fides
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-46069 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ajax Archive Calendar
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-45829 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Newsletter Bulk Email Sender
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-45646 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pdf Block
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-45640 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wp Ulike
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-26577 MEDIUM This Month

Stored cross-site scripting in the IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Idweb
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-42846 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Tvos +1
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-42845 MEDIUM This Month

An authentication issue was addressed with improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-40408 MEDIUM This Month

An inconsistent user interface issue was addressed with improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-5723 MEDIUM This Month

An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-5722 MEDIUM This Month

Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-46660 MEDIUM This Month

Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Zanata
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-46658 MEDIUM This Month

Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Msteams Webhook Trigger
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-46657 MEDIUM This Month

Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Gogs
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-46656 MEDIUM This Month

Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Multibranch Scan Webhook Trigger
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-41721 MEDIUM This Month

Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Authentication Bypass Unifi Network Application
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-41339 MEDIUM PATCH This Month

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SSRF Geoserver
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-27256 MEDIUM This Month

Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-26579 MEDIUM This Month

Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-5126 MEDIUM PATCH This Month

The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'plugin_delete_me' shortcode in versions up to, and including, 3.0 due to insufficient input sanitization and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Delete Me
NVD VulDB
CVSS 3.1
4.9
EPSS
0.1%
CVE-2023-42031 MEDIUM This Month

IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and 11.1 could allow a privileged user to cause a denial of service due to uncontrolled resource. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Txseries For Multiplatforms Cics Tx
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2023-5380 MEDIUM PATCH This Month

A use-after-free flaw was found in the xorg-x11-server. Rated medium severity (CVSS 4.7). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Memory Corruption X Server Xwayland +3
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2023-46068 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Maileon
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-45833 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Leadsquared Suite
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-45832 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Gotowebinar
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-45768 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Next Page
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-45767 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simple Tweet
NVD
CVSS 3.1
4.8
EPSS
0.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy