Skip to main content
CVE-2023-46490 MEDIUM POC This Month

SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cacti
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-42188 MEDIUM POC This Month

IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Icecms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-5817 MEDIUM POC PATCH This Month

The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in all versions up to, and including, 1.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Neon Text
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5774 MEDIUM POC PATCH This Month

The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Animated Counters
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-46503 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute arbitrary code via the reader management and book input modules. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Yxbookcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-46505 MEDIUM POC This Month

Cross Site Scripting vulnerability in FanCMS v.1.0.0 allows an attacker to execute arbitrary code via the content1 parameter in the demo.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Fancms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-46491 MEDIUM POC This Month

ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Biz
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-46374 MEDIUM POC This Month

ZenTao Enterprise Edition version 4.1.3 and before is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Biz
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-46246 MEDIUM POC PATCH This Month

Vim is an improved version of the good old UNIX editor Vi. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Vim
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-46394 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in /home/user/edit_submit of gougucms v4.08.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gougucms
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-46504 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker to execute arbitrary code via the library name function in the general settings component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Yxbookcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5811 MEDIUM POC PATCH This Month

A vulnerability, which was classified as problematic, was found in flusity CMS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Flusity
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-5810 MEDIUM POC PATCH This Month

A vulnerability, which was classified as problematic, has been found in flusity CMS.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Flusity
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-5821 MEDIUM This Month

The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Thumbnail Carousel Slider
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-5705 MEDIUM PATCH This Month

The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk_filter_search' shortcode in all versions up to, and including, 2.3.1 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Vk Filter Search
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5051 MEDIUM PATCH This Month

The CallRail Phone Call Tracking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callrail_form' shortcode in versions up to, and including, 0.5.2 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Callrail Phone Call Tracking
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-46209 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Grid Plus
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46208 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Motors Car Dealer Classifieds Listing
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-29009 MEDIUM PATCH This Month

baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Basercms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-46194 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Archivist Custom Archive Templates
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46153 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Userfeedback
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40139 MEDIUM PATCH This Month

In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-40133 MEDIUM PATCH This Month

In multiple locations of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-40123 MEDIUM PATCH This Month

In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-40121 MEDIUM PATCH This Month

In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

SQLi Information Disclosure Deserialization Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-46407 MEDIUM PATCH This Month

FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ffmpeg
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-46211 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ultimate Addons For Wpbakery Page Builder
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-46200 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Smart App Banner
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-32738 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Eonet Manual User Approve
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-46199 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Triberr
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-46192 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Internal Link Building
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-46093 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Webmaster Tools
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-46091 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Category Seo Meta Tags
NVD
CVSS 3.1
4.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy