Skip to main content
CVE-2023-48668 MEDIUM This Month

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Powerprotect Data Domain Management Center
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2023-44279 MEDIUM This Month

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Powerprotect Data Protection Apex Protection Storage Powerprotect Data Domain +2
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2023-44278 MEDIUM This Month

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Dell Powerprotect Data Protection Apex Protection Storage Powerprotect Data Domain +2
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-49152 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Labs64 Credit Tracker allows Stored XSS.1.17. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Credit Tracker
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49151 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simple Calendar Simple Calendar - Google Calendar Plugin allows Stored XSS.2.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Google Simple Calendar
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49860 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager - Task, team, and project management plugin featuring kanban board and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Project Manager
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49150 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS.8.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Crypto Converter Widget
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49149 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Currency Converter Calculator allows Stored XSS.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Currency Converter Calculator
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-48780 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnigmaWeb WP Catalogue allows Stored XSS.7.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Catalogue
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-48770 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nima Saberi Aparat allows Stored XSS.7.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Aparat
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49820 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc allows Stored XSS.5.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Structured Content
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49173 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10to8 Sign In Scheduling Online Appointment Booking System allows Stored XSS.0.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sign In Scheduling Online Appointment Booking System
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49745 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.9.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Spiffy Calendar
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49168 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPlus Better Messages - Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Better Messages
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50370 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh WPBakery Page Builder Addons by Livemesh allows Stored XSS.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wpbakery Page Builder Addons WPBakery Page Builder
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50369 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alma Alma - Pay in installments or later for WooCommerce allows Stored XSS.1.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Alma
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50368 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Shortcodes and extra features for Phlox theme allows Stored XSS.15.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Shortcodes And Extra Features For Phlox Theme
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49847 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Annual Archive allows Stored XSS.6.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Annual Archive
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49846 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS.1.17. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Author Avatars List Block
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50371 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Page Visit Counter Advanced Page Visit Counter - Most Wanted Analytics Plugin for WordPress. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Advanced Page Visit Counter
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49828 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooPayments - Fully Integrated Solution Built and Supported by Woo allows Stored. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Woopayments
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49833 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra - WordPress Gutenberg Blocks allows Stored XSS.7.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Spectra
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-46144 MEDIUM This Month

A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Axc F 1152 Firmware Axc F 2152 Firmware Axc F 3152 Firmware Bpc 9102S Firmware +5
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-45182 MEDIUM This Month

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM I Access Client Solutions
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-25642 MEDIUM This Month

There is a buffer overflow vulnerability in some ZTE mobile internet producsts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Zte Mc801A Firmware Mc801A1 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-25650 MEDIUM This Month

There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zxcloud Irai
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-21751 MEDIUM PATCH This Month

Azure DevOps Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Azure Devops Server
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-5769 MEDIUM This Month

A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rtu520 Firmware Rtu530 Firmware Rtu540 Firmware Rtu560 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-44286 MEDIUM This Month

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XSS Dell Powerprotect Data Protection Apex Protection Storage +3
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-49739 MEDIUM This Month

Vulnerability in IdeaBox Creations PowerPack Pro for Elementor.9.23. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Powerpack Addons For Elementor
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-46750 MEDIUM PATCH This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Open Redirect Shiro
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2023-40659 MEDIUM This Month

A reflected XSS vulnerability was discovered in the Easy Quick Contact module for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Easy Quick Contact
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40658 MEDIUM This Month

A reflected XSS vulnerability was discovered in the Clicky Analytics Dashboard module for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Clicky Analytics Dashboard
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40657 MEDIUM This Month

A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomdoc
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40656 MEDIUM This Month

A reflected XSS vulnerability was discovered in the Quickform component for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Quickform
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40655 MEDIUM This Month

A reflected XSS vulnerability was discovered in the Proforms Basic component for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Proforms
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40628 MEDIUM This Month

A reflected XSS vulnerability was discovered in the Extplorer component for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Extplorer
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40627 MEDIUM This Month

A reflected XSS vulnerability was discovered in the LivingWord component for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Livingword
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5629 MEDIUM This Month

A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Eb450 Firmware Eb45E Firmware Eh450 Firmware Eh45E Firmware +12
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-49157 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andreas Münch Multiple Post Passwords allows Stored XSS.1.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Multiple Post Passwords
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-49842 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpexpertsio Rocket Maintenance Mode & Coming Soon Page allows Stored XSS.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rocket Maintenance Mode Coming Soon Page
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-49841 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FancyThemes Optin Forms - Simple List Building Plugin for WordPress allows Stored XSS.3.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Optin Forms
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-49770 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Raschendorfer Smart External Link Click Monitor [Link Log] allows Stored XSS.0.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Smart External Link Click Monitor Link Log
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-49195 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages allows Stored XSS.2.6. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nested Pages
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-49743 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Dashboard Widgets Suite allows Stored XSS.4.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dashboard Widget Suite
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-49836 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brontobytes Cookie Bar allows Stored XSS.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cookie Bar
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-6367 MEDIUM This Month

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Whatsup Gold
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-6366 MEDIUM This Month

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Whatsup Gold
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-6365 MEDIUM This Month

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Whatsup Gold
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-6364 MEDIUM This Month

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Whatsup Gold
NVD
CVSS 3.1
5.4
EPSS
0.5%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy