Skip to main content
CVE-2023-6570 MEDIUM POC This Month

Server-Side Request Forgery (SSRF) in kubeflow/kubeflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Kubeflow
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-6571 MEDIUM POC This Month

Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kubeflow
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41618 MEDIUM POC This Month

Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Emlog
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-49786 MEDIUM POC PATCH This Month

Asterisk is an open source private branch exchange and telephony toolkit. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Amd Denial Of Service Microsoft Asterisk Certified Asterisk
NVD GitHub
CVSS 3.1
5.9
EPSS
5.3%
CVE-2023-6134 MEDIUM POC PATCH This Month

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Single Sign On Keycloak Openshift Container Platform Openshift Container Platform For Power +1
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-50137 MEDIUM POC This Month

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microsoft Jfinalcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-50102 MEDIUM POC This Month

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinalcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-50101 MEDIUM POC This Month

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinalcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-50100 MEDIUM POC This Month

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinalcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-50566 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-50565 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rpcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-50710 MEDIUM POC PATCH This Month

Hono is a web framework written in TypeScript. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Hono
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-48668 MEDIUM This Month

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Powerprotect Data Domain Management Center
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2023-44279 MEDIUM This Month

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Powerprotect Data Protection Apex Protection Storage Powerprotect Data Domain +2
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2023-44278 MEDIUM This Month

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Dell Powerprotect Data Protection Apex Protection Storage Powerprotect Data Domain +2
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-49152 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Labs64 Credit Tracker allows Stored XSS.1.17. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Credit Tracker
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49151 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simple Calendar Simple Calendar - Google Calendar Plugin allows Stored XSS.2.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Google Simple Calendar
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49860 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager - Task, team, and project management plugin featuring kanban board and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Project Manager
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49150 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS.8.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Crypto Converter Widget
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49149 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Currency Converter Calculator allows Stored XSS.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Currency Converter Calculator
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-48780 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnigmaWeb WP Catalogue allows Stored XSS.7.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Catalogue
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-48770 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nima Saberi Aparat allows Stored XSS.7.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Aparat
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49820 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc allows Stored XSS.5.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Structured Content
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49173 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10to8 Sign In Scheduling Online Appointment Booking System allows Stored XSS.0.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sign In Scheduling Online Appointment Booking System
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49745 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.9.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Spiffy Calendar
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49168 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPlus Better Messages - Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Better Messages
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50370 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh WPBakery Page Builder Addons by Livemesh allows Stored XSS.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wpbakery Page Builder Addons WPBakery Page Builder
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50369 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alma Alma - Pay in installments or later for WooCommerce allows Stored XSS.1.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Alma
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50368 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Shortcodes and extra features for Phlox theme allows Stored XSS.15.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Shortcodes And Extra Features For Phlox Theme
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49847 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Annual Archive allows Stored XSS.6.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Annual Archive
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49846 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS.1.17. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Author Avatars List Block
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50371 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Page Visit Counter Advanced Page Visit Counter - Most Wanted Analytics Plugin for WordPress. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Advanced Page Visit Counter
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49828 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooPayments - Fully Integrated Solution Built and Supported by Woo allows Stored. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Woopayments
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49833 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra - WordPress Gutenberg Blocks allows Stored XSS.7.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Spectra
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-46144 MEDIUM This Month

A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Axc F 1152 Firmware Axc F 2152 Firmware Axc F 3152 Firmware Bpc 9102S Firmware +5
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-45182 MEDIUM This Month

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM I Access Client Solutions
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-25642 MEDIUM This Month

There is a buffer overflow vulnerability in some ZTE mobile internet producsts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Zte Mc801A Firmware Mc801A1 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-25650 MEDIUM This Month

There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zxcloud Irai
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-21751 MEDIUM PATCH This Month

Azure DevOps Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Azure Devops Server
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-5769 MEDIUM This Month

A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rtu520 Firmware Rtu530 Firmware Rtu540 Firmware Rtu560 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-44286 MEDIUM This Month

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XSS Dell Powerprotect Data Protection Apex Protection Storage +3
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-49739 MEDIUM This Month

Vulnerability in IdeaBox Creations PowerPack Pro for Elementor.9.23. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Powerpack Addons For Elementor
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-46750 MEDIUM PATCH This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Open Redirect Shiro
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2023-40659 MEDIUM This Month

A reflected XSS vulnerability was discovered in the Easy Quick Contact module for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Easy Quick Contact
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40658 MEDIUM This Month

A reflected XSS vulnerability was discovered in the Clicky Analytics Dashboard module for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Clicky Analytics Dashboard
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40657 MEDIUM This Month

A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomdoc
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40656 MEDIUM This Month

A reflected XSS vulnerability was discovered in the Quickform component for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Quickform
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40655 MEDIUM This Month

A reflected XSS vulnerability was discovered in the Proforms Basic component for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Proforms
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40628 MEDIUM This Month

A reflected XSS vulnerability was discovered in the Extplorer component for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Extplorer
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40627 MEDIUM This Month

A reflected XSS vulnerability was discovered in the LivingWord component for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Livingword
NVD
CVSS 3.1
6.1
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy