Skip to main content
CVE-2023-50831 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY - Multi Currency for WooCommerce allows Stored XSS.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Curcy
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50833 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExtendThemes Colibri Page Builder allows Stored XSS.0.239. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Colibri Page Builder
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-7040 MEDIUM POC This Month

A vulnerability classified as problematic was found in codelyfe Stupid Simple CMS up to 1.2.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Stupid Simple Cms
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-7038 MEDIUM POC PATCH This Month

A vulnerability was found in automad up to 1.10.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Automad
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-7026 MEDIUM POC This Month

A vulnerability was found in Lightxun IPTV Gateway up to 20231208. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Iptv Gateway
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-50732 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
6.3
EPSS
0.5%
CVE-2023-50724 MEDIUM POC PATCH This Month

Resque (pronounced like "rescue") is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Redis XSS Resque
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-50832 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mondula GmbH Multi Step Form allows Stored XSS.7.13. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Multi Step Form
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-50828 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Vongries Ultimate Dashboard - Custom WordPress Dashboard allows Stored XSS.7.11. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ultimate Dashboard
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-4256 MEDIUM POC This Month

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tcpreplay Extra Packages For Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4255 MEDIUM POC PATCH This Month

An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Denial Of Service W3M Extra Packages For Enterprise Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-7050 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Notes Sharing System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-7041 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in codelyfe Stupid Simple CMS up to 1.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Stupid Simple Cms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-7036 MEDIUM POC This Month

A vulnerability was found in automad up to 1.10.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Automad
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-48116 MEDIUM POC This Month

SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Smartermail
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-48115 MEDIUM POC This Month

SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Smartermail
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-48114 MEDIUM POC This Month

SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Smartermail
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-7051 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Online Notes Sharing System
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-32799 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses.8.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Shipping Multiple Addresses
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-45377 MEDIUM This Month

Unrestricted Upload of File with Dangerous Type vulnerability in Glen Don L. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress Drag And Drop Multiple File Upload For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-47191 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify - BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Youzify
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50834 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech WooCommerce Menu Extension allows Stored XSS.6.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Woocommerce Menu Extension
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50825 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terrier Tenacity iframe Shortcode allows Stored XSS.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Iframe Shortcode
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50824 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Batt Insert or Embed Articulate Content into WordPress allows Stored XSS.3000000021. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Insert Or Embed Articulate Content
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50823 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wipeout Media CSS & JavaScript Toolbox allows Stored XSS.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Css Javascript Toolbox
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50822 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Currency.Wiki Currency Converter Widget - Exchange Rates allows Stored XSS.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Currency Converter Widget Exchange Rates
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-6802 MEDIUM This Month

An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-40058 MEDIUM This Month

Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Access Rights Manager
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-50783 MEDIUM PATCH This Month

Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Apache Authentication Bypass Airflow
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-49920 MEDIUM PATCH This Month

Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Apache CSRF Airflow
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-47093 MEDIUM This Month

An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stormshield Network Security
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-6122 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Gelişmiş C2C Pazaryeri Yazılımı. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Advanced C2C Marketplace Software
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-5989 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies' LioXERP allows an authenticated user to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lioxerp
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-5988 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies LioXERP allows Reflected XSS.146. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lioxerp
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-37520 MEDIUM This Month

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bigfix Platform
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-37519 MEDIUM This Month

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bigfix Platform
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-2487 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.4.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Export All Posts Products Orders Refunds Users
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-50829 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aerin Loan Repayment Calculator and Application Form allows Stored XSS.9.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Loan Repayment Calculator And Application Form
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-50830 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seosbg Seos Contact Form allows Stored XSS.8.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Seos Contact Form
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-50826 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Freshlight Lab Menu Image, Icons made easy allows Stored XSS.10. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Menu Image Icons Made Easy
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-50377 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AB-WP Simple Counter allows Stored XSS.0.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simple Counter
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-47527 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sajjad Hossain Sagor WP Edit Username allows Stored XSS.0.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Edit Username
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-47525 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Event Management Tickets Booking event-monster allows DOM-Based XSS.4.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-50827 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Accredible Accredible Certificates & Open Badges allows Stored XSS.4.8. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Accredible Certificates Open Badges
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-6746 MEDIUM This Month

An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack`. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Enterprise Server
NVD GitHub
CVSS 3.1
5.7
EPSS
0.5%
CVE-2023-6804 MEDIUM This Month

Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Server
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-7042 MEDIUM PATCH This Month

A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-49762 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AppMySite AppMySite - Create an app with the Best Mobile App Builder.11.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Appmysite
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-28421 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Winwar Media WordPress Email Marketing Plugin - WP Email Capture.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Wp Email Capture
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-32747 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.15.78. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Woocommerce Bookings
NVD
CVSS 3.1
5.4
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy