Skip to main content
CVE-2023-49082 MEDIUM POC PATCH This Month

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Python Aiohttp
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-48882 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Eyoucms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-48881 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Eyoucms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-48880 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Eyoucms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-49653 MEDIUM PATCH This Month

Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Atlassian Jira
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-6217 MEDIUM This Month

In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Moveit Transfer
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-49090 MEDIUM PATCH This Month

CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Carrierwave
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-44383 MEDIUM PATCH This Month

October is a Content Management System (CMS) and web platform to assist with development workflow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS October
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-49674 MEDIUM PATCH This Month

A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Neuvector Vulnerability Scanner
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-6070 MEDIUM This Month

A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Enterprise Security Manager
NVD
CVSS 3.1
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy