Skip to main content
CVE-2023-51396 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brizy.Io Brizy - Page Builder allows Stored XSS.4.29. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Brizy
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50889 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder - WordPress Page Builder allows Stored XSS.7.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Beaver Builder
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50881 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager - Restricted Content, Users & Roles, Enhanced Security and More. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Advanced Access Manager
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50879 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS.Com Editing Toolkit: from n/a through. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wordpress Com Editing Toolkit
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-51541 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Stock Ticker allows Stored XSS.23.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Stock Ticker
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-4465 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ccx 400 Firmware Ccx 600 Firmware Trio 8800 Firmware Trio C60 Firmware
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-52240 MEDIUM This Month

The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Kantega Saml Sso Oidc Kerberos Single Sign On
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-7113 MEDIUM PATCH This Month

Mattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows an attacker to inject markup in the web client. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost XSS Mattermost Server
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-44089 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41815 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41814 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41813 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-7160 MEDIUM This Month

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Engineers Online Portal
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-31302 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Teller field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Cash Point Transport Optimizer
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-31299 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Barcode field of a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Cash Point Transport Optimizer
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-31301 MEDIUM This Month

Stored Cross Site Scripting (XSS) Vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Cash Point Transport Optimizer
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-51374 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZeroBounce ZeroBounce Email Verification & Validation allows Stored XSS.0.11. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zerobounce Email Verification Validation
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-51371 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bit Assist
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-51361 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sticky Chat Widget
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-50896 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms - Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS.6.17. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Weforms
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-51372 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar - WordPress Notification Bar allows Stored XSS.4.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Hashbar
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-7079 MEDIUM PATCH This Month

Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Wrangler
NVD GitHub
CVSS 3.1
5.7
EPSS
0.7%
CVE-2023-6939 MEDIUM This Month

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-51433 MEDIUM This Month

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-51432 MEDIUM This Month

Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-51431 MEDIUM This Month

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Phoneservice
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-51430 MEDIUM This Month

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-51429 MEDIUM This Month

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Magic Os
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23441 MEDIUM This Month

Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23440 MEDIUM This Month

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lge An00 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23439 MEDIUM This Month

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lge An00 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23438 MEDIUM This Month

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lge An00 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-23437 MEDIUM This Month

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Vmall
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23426 MEDIUM This Month

Some Honor products are affected by file writing vulnerability, successful exploitation could cause information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fri An00 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-31292 MEDIUM This Month

An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh". Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cash Point Transport Optimizer
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23434 MEDIUM This Month

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Honorboardapp
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-51688 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress.3.26. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Ecommerce Product Catalog
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-51687 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode Product Catalog Simple.7.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Product Catalog Simple
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-51378 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Rise Themes Rise Blocks - A Complete Gutenberg Page Builder.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Rise Blocks
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-50878 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in InspireUI MStore API.10.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mstore Api
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-51358 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Block Ips For Gravity Forms
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-51527 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Senol Sahin AI Power: Complete AI Pack - Powered by GPT-4.8.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aipower
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-51663 MEDIUM PATCH This Month

Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Google Information Disclosure Microsoft Hail
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-31296 MEDIUM This Month

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cash Point Transport Optimizer
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-51676 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor.9.1.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Happy Addons For Elementor Elementor
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2023-4466 MEDIUM This Month

A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ccx 400 Firmware Ccx 600 Firmware Trio 8800 Firmware Trio C60 Firmware
NVD VulDB GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-31298 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Cash Point Transport Optimizer
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-32101 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pexle Chris Library Viewer.0.6. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Library Viewer
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-31095 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.2.8. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Database For Contact Form 7 Wpforms Elementor Forms Elementor
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2023-32517 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.0.9.3. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Mailchimp
NVD
CVSS 3.1
4.7
EPSS
0.2%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy