Skip to main content
CVE-2023-4602 MEDIUM POC PATCH This Month

The Namaste!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Namaste Lms
NVD VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-41597 MEDIUM POC This Month

EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Eyoucms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-6105 MEDIUM POC This Month

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zoho Manageengine Analytics Plus Manageengine Appcreator Manageengine Application Control Plus +36
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2023-48200 MEDIUM POC This Month

Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Grocy
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-48198 MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability in the 'product description' component within '/api/stock/products' of Grocy version <= 4.0.3 allows attackers to obtain a victim's cookies. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Grocy
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-48197 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Grocy
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-48088 MEDIUM POC This Month

xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xxl Job
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-48087 MEDIUM POC This Month

xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xxl Job
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47446 MEDIUM POC This Month

Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting (XSS) on the profile.php page via fullname parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pre School Enrollment System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47309 MEDIUM POC This Month

Nukium nkmgls before version 3.0.2 is vulnerable to Cross Site Scripting (XSS) via NkmGlsCheckoutModuleFrontController::displayAjaxSavePhoneMobile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gls
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47636 MEDIUM POC PATCH This Month

The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure SQLi Admin Classic Bundle
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-6133 MEDIUM PATCH This Month

The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in versions up to, and including, 1.27.0. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload WordPress Forminator
NVD VulDB
CVSS 3.1
6.6
EPSS
0.3%
CVE-2023-43588 MEDIUM This Month

Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meetings Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-4889 MEDIUM PATCH This Month

The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shareaholic' shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Shareaholic
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-41699 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.0.0 before. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Payara
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-48219 MEDIUM PATCH This Month

TinyMCE is an open source rich text editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tinymce
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-5987 MEDIUM PATCH This Month

A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ecostruxure Power Monitoring Expert
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5986 MEDIUM This Month

A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Redirect Ecostruxure Power Monitoring Expert
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5676 MEDIUM PATCH This Month

In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Openj9
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-46672 MEDIUM This Month

An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Elastic Information Disclosure Logstash
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38544 MEDIUM This Month

A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Secure Access Client
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-4690 MEDIUM PATCH This Month

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Elementor Addon Elements Elementor
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-4689 MEDIUM PATCH This Month

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Elementor Addon Elements Elementor
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-4723 MEDIUM PATCH This Month

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_post_data function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure WordPress Elementor Addon Elements Elementor
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-6032 MEDIUM This Month

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a file system enumeration and file download when an attacker navigates. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Galaxy Vl Firmware Galaxy Vs Firmware
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-5984 MEDIUM This Month

A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ion8650 Firmware Ion8800 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2023-5985 MEDIUM This Month

A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ion8650 Firmware Ion8800 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-5381 MEDIUM PATCH This Month

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.12.7 due to insufficient input sanitization and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Elementor Addon Elements Elementor
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy