Skip to main content
CVE-2023-48329 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard Fast Custom Social Share by CodeBard allows Stored XSS.1.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fast Custom Social Share
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-41136 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laurence/OhMyBox.Info Simple Long Form allows Stored XSS.2.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simple Long Form
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-48737 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PT Trijaya Digital Grup TriPay Payment Gateway allows Stored XSS.2.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Payment Gateway
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-48743 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Menard Simply Exclude allows Reflected XSS.0.6.6. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Simply Exclude
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2023-47870 MEDIUM This Month

Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Wpforo Forum
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2023-41735 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email posts to subscribers.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Email Posts To Subscribers
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-40662 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jonk @ Follow me Darling Cookies and Content Security Policy.15. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cookies And Content Security Policy
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-37972 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MultiVendorX Product Stock Manager & Notifier for WooCommerce.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Product Stock Manager Notifier For Woocommerce
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-47875 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Perfmatters allows Cross Site Request Forgery.1.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Perfmatters
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-48754 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Wap Nepal Delete Post Revisions In WordPress allows Cross Site Request Forgery.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Delete Post Revisions
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-6137 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in finnj Frontier Post allows Cross Site Request Forgery.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Frontier Post
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-48744 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Offshore Web Master Availability Calendar allows Cross Site Request Forgery.2.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Availability Calendar
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-48334 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in DAEXT League Table allows Cross Site Request Forgery.13. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF League Table
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-48330 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Mike Strand Bulk Comment Remove allows Cross Site Request Forgery. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Bulk Comment Remove
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-48282 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio Taxonomy filter allows Cross Site Request Forgery.2.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Taxonomy Filter
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-2267 MEDIUM This Month

An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sel 411L Firmware
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6435 MEDIUM This Month

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/batches_view.php,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Online Invoicing System
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6434 MEDIUM This Month

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/sections_view.php,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Online Invoicing System
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6433 MEDIUM This Month

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Online Invoicing System
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6432 MEDIUM This Month

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/items_view.php, in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Online Invoicing System
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6431 MEDIUM This Month

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Online Invoicing System
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6430 MEDIUM This Month

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Online Invoicing System
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6429 MEDIUM This Month

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Online Invoicing System
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6428 MEDIUM This Month

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Online Invoicing System
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6427 MEDIUM This Month

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Online Invoicing System
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6426 MEDIUM This Month

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Online Invoicing System
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6424 MEDIUM This Month

A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Online Clinic Management System
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6423 MEDIUM This Month

A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Online Clinic Management System
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6422 MEDIUM This Month

A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Online Clinic Management System
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6027 MEDIUM This Month

A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Phpmemcachedadmin
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6136 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager.3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Debug Log Manager
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-36523 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email download link.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Email Download Link
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-36507 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Repute Infosystems BookingPress - Appointment Booking Calendar Plugin and Online Scheduling Plugin.0.64. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bookingpress
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-45834 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub.4.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libsyn Publisher Hub
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-25057 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub.3.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libsyn Publisher Hub
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-46820 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Iulia Cazan Image Regenerate & Select Crop.3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Image Regenerate Select Crop
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-6344 MEDIUM This Month

Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate directories using the tiffserver/te003.aspx or te004.aspx 'ifolder' parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Court Case Management Plus
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-6343 MEDIUM This Month

Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Court Case Management Plus
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-6341 MEDIUM This Month

Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view sensitive court documents by modifying document and other identifiers in URLs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cms360
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-5965 MEDIUM This Month

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP RCE Espocrm
NVD
CVSS 3.1
4.7
EPSS
0.9%
CVE-2023-5966 MEDIUM This Month

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP RCE Espocrm
NVD
CVSS 3.1
4.7
EPSS
0.9%
CVE-2023-5275 MEDIUM This Month

Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Gx Works2
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-5274 MEDIUM This Month

Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Gx Works2
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-48328 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin - NextGEN Gallery allows Cross Site Request Forgery.37. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Nextgen Gallery
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-37890 MEDIUM This Month

Missing Authorization vulnerability in WPOmnia KB Support - WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Kb Support
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-48279 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Cross Site Request Forgery.DOCX Source: from n/a through 2.16.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Seraphinite Post Docx Source
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-5803 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin - Easy Listing Directories for WordPress allows Cross-Site Request Forgery.3.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Business Directory
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-48281 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Super Blog Me Broken Link Checker for YouTube allows Cross Site Request Forgery.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Broken Link Checker For Youtube
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-47645 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.2.2.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Registrationmagic
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-36685 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC CartFlows Pro allows Cross Site Request Forgery.11.12. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cartflows
NVD
CVSS 3.1
4.3
EPSS
0.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy