Skip to main content
CVE-2023-5672 MEDIUM POC This Month

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress Wp Mail Log
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-49438 MEDIUM POC PATCH This Month

An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Open Redirect Flask Security Too
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-48003 MEDIUM POC This Month

An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Asp Net Zero
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-6268 MEDIUM POC This Month

The JSON Content Importer WordPress plugin before 1.5.4 does not sanitise and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Json Content Importer
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-6166 MEDIUM POC This Month

The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Quiz Maker
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27150 MEDIUM POC This Month

openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6155 MEDIUM POC This Month

The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Quiz Maker
NVD WPScan
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-5980 MEDIUM POC This Month

The BSK Forms Blacklist WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bsk Forms Blacklist
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-45741 MEDIUM PATCH This Month

VR-S1000 firmware Ver. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Vr S1000 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-51363 MEDIUM PATCH This Month

VR-S1000 firmware Ver. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Vr S1000 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-50332 MEDIUM This Month

Improper authorization vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Growi
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-50294 MEDIUM This Month

The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Growi
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-50297 MEDIUM This Month

Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and 4 Series) allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Powercms
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-51654 MEDIUM This Month

Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Iprint Scan
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-50339 MEDIUM This Month

Stored cross-site scripting vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.1.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-50175 MEDIUM This Month

Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page, the Markdown Settings (/admin/markdown) page, and the Customize (/admin/customize) page of GROWI versions prior. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-49807 MEDIUM This Month

Stored cross-site scripting vulnerability when processing the MathJax exists in GROWI versions prior to v6.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-49779 MEDIUM This Month

Stored cross-site scripting vulnerability exists in the anchor tag of GROWI versions prior to v6.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-49598 MEDIUM This Month

Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI versions prior to v6.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-49119 MEDIUM This Month

Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47215 MEDIUM This Month

Stored cross-site scripting vulnerability which is exploiting a behavior of the XSS Filter exists in GROWI versions prior to v6.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-45740 MEDIUM This Month

Stored cross-site scripting vulnerability when processing profile images exists in GROWI versions prior to v4.1.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-45737 MEDIUM This Month

Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page and the Markdown Settings (/admin/markdown) page of GROWI versions prior to v3.5.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-42436 MEDIUM This Month

Stored cross-site scripting vulnerability exists in the presentation feature of GROWI versions prior to v3.4.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-49117 MEDIUM This Month

PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Powercms
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-46711 MEDIUM PATCH This Month

VR-S1000 firmware Ver. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Vr S1000 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2023-46699 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Growi
NVD
CVSS 3.1
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy