Skip to main content
CVE-2023-50069 MEDIUM POC This Month

WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wiremock
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-7149 MEDIUM POC This Month

A vulnerability was found in code-projects QR Code Generator 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Qr Code Generator
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-4462 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Ccx 400 Firmware Ccx 600 Firmware Trio 8800 Firmware Trio C60 Firmware
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.9%
CVE-2023-50572 MEDIUM POC PATCH This Month

An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutofMemory) error. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jline
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-50570 MEDIUM POC This Month

An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ipaddress
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-7166 MEDIUM POC PATCH This Month

A vulnerability classified as problematic has been found in Novel-Plus up to 4.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Novel Plus
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-52085 MEDIUM POC PATCH THREAT This Month

Winter is a free, open-source content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Winter
NVD GitHub
CVSS 3.1
5.4
EPSS
30.2%
CVE-2023-7171 MEDIUM POC PATCH This Month

A vulnerability was found in Novel-Plus up to 4.2.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java XSS Novel Plus
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-7143 MEDIUM POC This Month

A vulnerability was found in code-projects Client Details System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Client Details System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-4467 MEDIUM This Month

A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Trio 8800 Firmware
NVD GitHub VulDB
CVSS 3.1
6.6
EPSS
0.3%
CVE-2023-50891 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress - Zoho Forms allows Stored XSS.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Zoho Forms
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-50880 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community BuddyPress allows Stored XSS.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Buddypress
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-51399 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Back Button Widget allows Stored XSS.6.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Back Button Widget
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-51397 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force WP Remote Site Search allows Stored XSS.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Remote Site Search
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-51396 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brizy.Io Brizy - Page Builder allows Stored XSS.4.29. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Brizy
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50889 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder - WordPress Page Builder allows Stored XSS.7.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Beaver Builder
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50881 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager - Restricted Content, Users & Roles, Enhanced Security and More. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Advanced Access Manager
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50879 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS.Com Editing Toolkit: from n/a through. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wordpress Com Editing Toolkit
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-51541 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Stock Ticker allows Stored XSS.23.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Stock Ticker
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-4465 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ccx 400 Firmware Ccx 600 Firmware Trio 8800 Firmware Trio C60 Firmware
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-52240 MEDIUM This Month

The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Kantega Saml Sso Oidc Kerberos Single Sign On
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-7113 MEDIUM PATCH This Month

Mattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows an attacker to inject markup in the web client. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost XSS Mattermost Server
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-44089 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41815 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41814 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41813 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-7160 MEDIUM This Month

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Engineers Online Portal
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-31302 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Teller field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Cash Point Transport Optimizer
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-31299 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Barcode field of a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Cash Point Transport Optimizer
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-31301 MEDIUM This Month

Stored Cross Site Scripting (XSS) Vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Cash Point Transport Optimizer
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-51374 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZeroBounce ZeroBounce Email Verification & Validation allows Stored XSS.0.11. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zerobounce Email Verification Validation
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-51371 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bit Assist
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-51361 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sticky Chat Widget
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-50896 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms - Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS.6.17. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Weforms
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-51372 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar - WordPress Notification Bar allows Stored XSS.4.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Hashbar
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-7079 MEDIUM PATCH This Month

Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Wrangler
NVD GitHub
CVSS 3.1
5.7
EPSS
0.7%
CVE-2023-6939 MEDIUM This Month

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-51433 MEDIUM This Month

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-51432 MEDIUM This Month

Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-51431 MEDIUM This Month

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Phoneservice
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-51430 MEDIUM This Month

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-51429 MEDIUM This Month

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Magic Os
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23441 MEDIUM This Month

Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23440 MEDIUM This Month

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lge An00 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23439 MEDIUM This Month

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lge An00 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23438 MEDIUM This Month

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lge An00 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-23437 MEDIUM This Month

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Vmall
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23426 MEDIUM This Month

Some Honor products are affected by file writing vulnerability, successful exploitation could cause information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fri An00 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-31292 MEDIUM This Month

An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh". Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cash Point Transport Optimizer
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23434 MEDIUM This Month

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Honorboardapp
NVD
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy