Skip to main content
CVE-2023-39610 MEDIUM POC This Month

An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tapo C100 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-46361 MEDIUM POC This Month

Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jbig2Dec
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-5073 MEDIUM POC This Month

The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Iframe Forms
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-44484 MEDIUM POC This Month

Online Blood Donation Management System v1.0 is vulnerable to a Stored Cross-Site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Blood Donation Management System
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5307 MEDIUM POC This Month

The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contest Gallery
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5238 MEDIUM POC This Month

The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Eventprime
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5211 MEDIUM POC This Month

The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escape the 'id' parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Fattura24
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4250 MEDIUM POC This Month

The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Eventprime
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5863 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-5866 MEDIUM POC PATCH This Month

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Phpmyfaq
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2023-5114 MEDIUM POC This Month

The idbbee plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'idbbee' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Idbbee
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-46378 MEDIUM POC This Month

Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via crafted string appended to /mc-admin/conf.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Minicms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5458 MEDIUM POC This Month

The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin before 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress XSS Cits Support Svg Webp Media And Ttf Otf File Upload
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5237 MEDIUM POC This Month

The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Memberlite Shortcodes
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4823 MEDIUM POC This Month

The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Meta And Date Remover
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5873 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-46451 MEDIUM POC This Month

Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Best Courier Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-46040 MEDIUM POC This Month

Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via the a crafted payload to the components.php function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Getsimplecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-5867 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-39695 MEDIUM POC This Month

Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Etg150 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-37831 MEDIUM POC This Month

An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Etg150 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-5243 MEDIUM POC This Month

The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Login Screen Manager
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-5229 MEDIUM POC This Month

The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS E2pdf
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4390 MEDIUM POC This Month

The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Box
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-5864 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-5861 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-5519 MEDIUM POC This Month

The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Eventprime
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-4836 MEDIUM POC This Month

The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Wordpress File Sharing Plugin
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-4251 MEDIUM POC This Month

The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Eventprime
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-25045 MEDIUM This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Rsvpmaker
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-46255 MEDIUM PATCH This Month

SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Spicedb
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-5116 MEDIUM This Month

The Live updates from Excel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ipushpull_page' shortcode in versions up to, and including, 2.3.2 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Live Updates From Excel
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20886 MEDIUM This Month

VMware Workspace ONE UEM console contains an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Open Redirect Workspace One Uem
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-46722 MEDIUM PATCH This Month

The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Authentication Bypass Admin Classic Bundle
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-46235 MEDIUM PATCH This Month

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Fogproject
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46622 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wppizza
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46313 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zotpress
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-46312 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Smart Online Order For Clover
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46139 MEDIUM This Month

KernelSU is a Kernel based root solution for Android. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Kernelsu
NVD GitHub
CVSS 3.1
5.7
EPSS
0.2%
CVE-2023-24410 MEDIUM This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin - Fastest Contact Form Builder Plugin for. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-25047 MEDIUM This Month

A vulnerability in davidfcarr RSVPMarker rsvpmaker.9.3. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-46250 MEDIUM PATCH This Month

pypdf is a free and open-source pure-python PDF library. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Python Denial Of Service Pypdf
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-31794 MEDIUM This Month

MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mupdf
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-43796 MEDIUM PATCH This Month

Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Synapse Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-46237 MEDIUM PATCH This Month

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Apache Path Traversal Fogproject
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-46138 MEDIUM PATCH This Month

JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jumpserver
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-40681 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Groundhogg
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-46210 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wc Captcha
NVD
CVSS 3.1
4.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy