Skip to main content
CVE-2023-52257 MEDIUM POC This Month

LogoBee 0.2 allows updates.php?id= XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Logobee
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-52265 MEDIUM POC PATCH This Month

IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Idurar
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-7173 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
1.5%
CVE-2023-7180 MEDIUM POC This Month

A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Office Anywhere
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-52264 MEDIUM PATCH This Month

The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Bees Blog
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-52263 MEDIUM PATCH This Month

Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Browser
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-38023 MEDIUM This Month

An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Scone
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-38022 MEDIUM This Month

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Confidential Computing Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-38021 MEDIUM This Month

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Confidential Computing Manager
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-50559 MEDIUM This Month

An issue was discovered in XiangShan v2.1, allows local attackers to obtain sensitive information via the L1D cache. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xiangshan
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-50550 MEDIUM PATCH This Month

layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Layui
NVD
CVSS 3.1
5.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy