Skip to main content
CVE-2023-40600 MEDIUM POC THREAT This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.2%.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
60.2%
Threat
4.4
CVE-2023-47505 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor.Com Elementor allows Cross-Site Scripting (XSS).16.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Website Builder Elementor
NVD
CVSS 3.1
6.5
EPSS
4.8%
CVE-2023-47777 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS.1.1; WooCommerce Blocks:. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Woocommerce Woocommerce Blocks
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-45050 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack - WP Security, Backup, Speed, & Growth allows Stored XSS.8-a.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jetpack
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-48894 MEDIUM POC This Month

Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jsherp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-49076 MEDIUM POC PATCH This Month

Customer-data-framework allows management of customer data within Pimcore. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Pimcore
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-6439 MEDIUM POC This Month

A vulnerability classified as problematic was found in ZenTao PMS 18.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zentao
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-49081 MEDIUM POC PATCH This Month

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Python Aiohttp
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-6442 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Nipah Virus Testing Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-6440 MEDIUM POC This Month

A vulnerability was found in SourceCodester Book Borrower System 1.0 and classified as problematic.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Book Borrower System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-6425 MEDIUM POC This Month

A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Clinic Management System
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6352 MEDIUM POC This Month

The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Tiff Server
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2023-6438 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icecms
NVD VulDB
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-37868 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons PRO.9.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Premium Addons
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-48333 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Booster For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-26533 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gesundheit Bewegt GmbH Zippy.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zippy
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-32291 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MonsterInsights Pro allows Stored XSS.14.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Monsterinsights
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-48749 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme nectar Salient Core allows Stored XSS.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Salient Core
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-48321 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP - Accelerated Mobile Pages allows Stored XSS.0.88.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Amp For Wp
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-47877 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Stored XSS.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Perfmatters
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-47872 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS.2.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wpforo Forum
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-47853 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred myCred - Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mycred
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-45609 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POWR.Io Contact Form - Custom Builder, Payment Form, and More allows Stored XSS.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Powr Pack
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-40674 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lasso Simple URLs - Link Cloaking, Product Displays, and Affiliate Link Management allows Stored. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simple Urls
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-48289 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Stored XSS.1.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Import Spreadsheets
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-47854 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Howard Ehrenberg Parallax Image allows Stored XSS.7.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Parallax Image
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-47850 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo - Social Network, Membership, Registration, User Profiles allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Peepso
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-48336 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cybernetikz Easy Social Icons allows Stored XSS.2.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Easy Social Icons
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-48317 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Vatsa Display Custom Post allows Stored XSS.2.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Display Custom Post
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-44143 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bamboo Mcr Bamboo Columns allows Stored XSS.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bamboo Columns
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-47827 MEDIUM This Month

Incorrect Authorization vulnerability in NicheAddons Events Addon for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.1.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Events Addon For Elementor Elementor
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-34030 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Request Forgery.4.5; Complianz Premium: from n/a through. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Complianz
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-47851 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akhtarujjaman Shuvo Bootstrap Shortcodes Ultimate allows Stored XSS.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bootstrap Shortcodes Ultimate Bootstrap
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-42916 MEDIUM KEV THREAT This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple Safari Ipados +5
NVD
CVSS 3.1
6.5
EPSS
17.8%
CVE-2023-34390 MEDIUM This Month

An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and locking out. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Sel 451 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-34389 MEDIUM This Month

An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Sel 451 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-49620 MEDIUM PATCH This Month

Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Dolphinscheduler
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-31177 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Sel 451 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2266 MEDIUM This Month

An Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L could allow an attacker to generate cross-site scripting based attacks against an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sel 411L Firmware
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-2265 MEDIUM This Month

An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sel 411L Firmware
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-6420 MEDIUM This Month

A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via signup2.php in the emailadd parameter, the exploitation of which could allow a remote attacker to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Voovi
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-6419 MEDIUM This Month

A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via editprofile.php in multiple parameters, the exploitation of which could allow a remote attacker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Voovi
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-49077 MEDIUM This Month

Mailcow: dockerized is an open source groupware/email suite based on docker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Docker Mailcow
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45066 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.4.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Export All Posts Products Orders Refunds Users
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-40680 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Yoast Yoast SEO allows Stored XSS.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Yoast Seo
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2023-48320 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebDorado SpiderVPlayer allows Stored XSS.5.22. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Spidervplayer
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2023-34018 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoundCloud Inc. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Soundcloud Shortcode
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-39921 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts - Molongui allows Stored XSS.6.19. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Molongui
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-41128 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iqonic Design WP Roadmap - Product Feedback Board allows Stored XSS.0.8. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Roadmap
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-41127 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Evergreen Content Poster Evergreen Content Poster - Auto Post and Schedule Your Best Content to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Evergreen Content Poster
NVD
CVSS 3.1
5.9
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy