Skip to main content
CVE-2023-46218 MEDIUM POC PATCH This Month

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-6566 MEDIUM POC PATCH This Month

Business Logic Errors in GitHub repository microweber/microweber prior to 2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Microweber
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-49493 MEDIUM POC This Month

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dedecms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-49492 MEDIUM POC This Month

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dedecms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-48206 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Courier Management System
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-6568 MEDIUM POC PATCH This Month

A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python XSS Mlflow
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2023-48958 MEDIUM POC This Month

gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-40238 MEDIUM POC This Month

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Lenovo Information Disclosure Esprimo D556 2 Firmware Esprimo D6011 Firmware Esprimo D6012 Firmware +182
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2023-46974 MEDIUM POC This Month

Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Courier Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-48838 MEDIUM POC This Month

Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Appointment Scheduler
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-48837 MEDIUM POC This Month

Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Car Rental Script
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-48836 MEDIUM POC This Month

Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Car Rental Script
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-48828 MEDIUM POC This Month

Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Time Slots Booking Calendar
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-48827 MEDIUM POC This Month

Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Time Slots Booking Calendar
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-48825 MEDIUM POC This Month

Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Availability Booking Calendar
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-48824 MEDIUM POC This Month

BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the title, subtitle, footer, or keywords parameter in a page=create action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Boidcms
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-48172 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Shuttle Booking Software
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-46857 MEDIUM POC This Month

Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squidex
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-46871 MEDIUM POC This Month

GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-48205 MEDIUM POC This Month

Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Leave Management System
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-43299 MEDIUM POC This Month

An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-43298 MEDIUM POC This Month

An issue in SCOL Members Card mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-6577 MEDIUM POC This Month

A vulnerability was found in Byzoro PatrolFlow 2530Pro up to 20231126. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Patrolflow Am 2530Pro Firmware
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
1.2%
CVE-2023-46916 MEDIUM POC This Month

Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Maxima Max Pro Power Firmware
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-6578 MEDIUM This Month

A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Webmethods
NVD VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-47440 MEDIUM PATCH This Month

Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Gladys Assistant
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-6588 MEDIUM This Month

Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Workspace
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-46693 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Formalms
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41170 MEDIUM This Month

NetScout nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ngeniusone
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-49225 MEDIUM PATCH This Month

A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS R750 Firmware R650 Firmware R730 Firmware T750 Firmware +33
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-48208 MEDIUM This Month

A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Availability Booking Calendar
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-43103 MEDIUM PATCH This Month

An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Collaboration
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-43102 MEDIUM PATCH This Month

An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Collaboration
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-6333 MEDIUM PATCH This Month

The affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS X 332 24I Firmware X 301 I Firmware X 301 24I Firmware
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41905 MEDIUM This Month

NETSCOUT nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting (XSS) vulnerability by an authenticated user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ngeniusone
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41172 MEDIUM This Month

NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 4 of 4). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ngeniusone
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41171 MEDIUM This Month

NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 3 of 4). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ngeniusone
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41169 MEDIUM This Month

NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 2 of 4). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ngeniusone
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41168 MEDIUM This Month

NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 1 of 4). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ngeniusone
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-48839 MEDIUM This Month

Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Appointment Scheduler
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28017 MEDIUM PATCH This Month

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Connections
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-35909 MEDIUM This Month

Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form - The Drag and Drop Form Builder for WordPress leading to DoS.6.25. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service WordPress Ninja Forms
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-46641 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Code for Recovery 12 Step Meeting List.14.24. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF 12 Step Meeting List
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2023-49746 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache - Cache, Optimization, Performance.1.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Speedycache
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2023-36880 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
4.8
EPSS
1.6%
CVE-2023-45762 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Michael Uno (miunosoft) Responsive Column Widgets.2.7. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Responsive Column Widgets
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-47548 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SoftLab Integrate Google Drive - Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Open Redirect WordPress Integrate Google Drive
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-48325 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps Landing Page Builder - Lead Page - Optin Page - Squeeze Page - WordPress Landing Pages.5.1.5. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Open Redirect Landing Page Builder
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2023-47779 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Integration For Constant Contact And Contact Form 7 Wpforms Elementor Ninja Elementor
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2023-5713 MEDIUM PATCH This Month

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass System Dashboard
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy