Skip to main content
CVE-2023-6199 MEDIUM POC This Month

Book Stack version 23.10.2 allows filtering local files on the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Bookstack
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-47311 MEDIUM POC This Month

An issue in Yamcs 5.8.6 allows attackers to send aribitrary telelcommands in a Command Stack via Clickjacking. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yacms
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5609 MEDIUM POC This Month

The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Seraphinite Accelerator
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5140 MEDIUM POC This Month

The Bonus for Woo WordPress plugin before 5.8.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bonus For Woo
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-48223 MEDIUM POC PATCH This Month

fast-jwt provides fast JSON Web Token (JWT) implementation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Fast Jwt
NVD GitHub
CVSS 3.1
5.9
EPSS
0.7%
CVE-2023-48039 MEDIUM POC This Month

GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-46471 MEDIUM POC This Month

Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via the text variable scriptContainer of the ScriptViewer. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Yacms
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-46470 MEDIUM POC This Month

Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via crafted telecommand in the timeline view of the ArchiveBrowser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Yacms
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-5799 MEDIUM POC This Month

The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do no belong to them. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Wp Hotel Booking
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-5651 MEDIUM POC This Month

The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Hotel Booking
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-5610 MEDIUM POC This Month

The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Seraphinite Accelerator
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5509 MEDIUM POC This Month

The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Mystickymenu
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-4799 MEDIUM POC This Month

The Magic Embeds WordPress plugin before 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Magic Embeds
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-48300 MEDIUM POC PATCH This Month

The `Embed Privacy` plugin for WordPress that prevents the loading of embedded external content is vulnerable to Stored Cross-Site Scripting via `embed_privacy_opt_out` shortcode in versions up to,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Embed Privacy
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-5343 MEDIUM POC This Month

The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Box
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-5119 MEDIUM POC This Month

The Forminator WordPress plugin before 1.27.0 does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Forminator
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-4970 MEDIUM POC This Month

The PubyDoc WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pubydoc
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4808 MEDIUM POC This Month

The WP Post Popup WordPress plugin through 3.7.3 does not sanitise and escape some of its inputs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Post Popup
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-6178 MEDIUM This Month

An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Nessus
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-6062 MEDIUM This Month

An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Nessus
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-36013 MEDIUM PATCH This Month

PowerShell Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Information Disclosure Authentication Bypass Powershell
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-47417 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in the component /shells/embedder.html of DZSlides after v2011.07.25 allows attackers to execute arbitrary code via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Dzslides
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-38883 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Opensis
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-38882 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Opensis
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-38881 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Opensis
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-47175 MEDIUM This Month

Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Luxcal Web Calendar
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-47217 MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-46705 MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-46100 MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-42774 MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-6197 MEDIUM This Month

The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Audio Merchant
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-47772 MEDIUM This Month

Contributor+ Stored Cross-Site Scripting (XSS) vulnerability in Slider Revolution <= 6.6.14. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Slider Revolution
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-48309 MEDIUM PATCH This Month

NextAuth.js provides authentication for Next.js. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Next Auth
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-48218 MEDIUM PATCH This Month

The Strapi Protected Populate Plugin protects `get` endpoints from revealing too much information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Protected Populate
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-3379 MEDIUM This Month

Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Compact Controller 100 Firmware Edge Controller Firmware Pfc100 Firmware Pfc200 Firmware +3
NVD
CVSS 3.1
5.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy