Skip to main content
CVE-2023-5629 MEDIUM This Month

A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Eb450 Firmware Eb45E Firmware Eh450 Firmware Eh45E Firmware +12
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-49157 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andreas Münch Multiple Post Passwords allows Stored XSS.1.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Multiple Post Passwords
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-49842 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpexpertsio Rocket Maintenance Mode & Coming Soon Page allows Stored XSS.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rocket Maintenance Mode Coming Soon Page
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-49841 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FancyThemes Optin Forms - Simple List Building Plugin for WordPress allows Stored XSS.3.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Optin Forms
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-49770 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Raschendorfer Smart External Link Click Monitor [Link Log] allows Stored XSS.0.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Smart External Link Click Monitor Link Log
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-49195 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages allows Stored XSS.2.6. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nested Pages
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-49743 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Dashboard Widgets Suite allows Stored XSS.4.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dashboard Widget Suite
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-49836 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brontobytes Cookie Bar allows Stored XSS.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cookie Bar
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-6367 MEDIUM This Month

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Whatsup Gold
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-6366 MEDIUM This Month

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Whatsup Gold
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-6365 MEDIUM This Month

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Whatsup Gold
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-6364 MEDIUM This Month

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Whatsup Gold
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0248 MEDIUM This Month

An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Iosmart Gen 1 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-6595 MEDIUM This Month

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Whatsup Gold
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-6368 MEDIUM This Month

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Whatsup Gold
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-50713 MEDIUM PATCH This Month

Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable.

Privilege Escalation Speckle Server
NVD GitHub
CVSS 3.1
5.0
EPSS
0.4%
CVE-2023-48661 MEDIUM PATCH This Month

Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Information Disclosure Dell Solutions Enabler Virtual Appliance Unisphere For Powermax Virtual Appliance +1
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-5630 MEDIUM This Month

A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Eb450 Firmware Eb45E Firmware Eh450 Firmware Eh45E Firmware +12
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2023-6545 MEDIUM This Month

The package authelia-bhf included in Beckhoffs TwinCAT/BSD is prone to an open redirect that allows a remote unprivileged attacker to redirect a user to another site. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Authelia Bhf
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2023-44284 MEDIUM This Month

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell SQLi Powerprotect Data Protection Apex Protection Storage Powerprotect Data Domain +2
NVD
CVSS 3.1
4.3
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy