Skip to main content
CVE-2023-51690 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Advanced iFrame allows Stored XSS.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Advanced Iframe
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-24548 MEDIUM This Month

Payment EX Ver1.1.5b and earlier allows a remote unauthenticated attacker to obtain the information of the user who purchases merchandise using Payment EX. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Payment Ex
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-7069 MEDIUM PATCH This Month

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2023.10 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Advanced Iframe
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-23645 MEDIUM PATCH This Month

GLPI is a Free Asset and IT Management Software package. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Glpi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-24570 MEDIUM PATCH This Month

Statamic is a Laravel and Git powered CMS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Statamic
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-51695 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms - Build Contact Forms, Surveys, Polls, Application Forms, and more with. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Everest Forms
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-51685 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LJ Apps WP Review Slider allows Stored XSS.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Review Slider
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-51548 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Neil Gee SlickNav Mobile Menu allows Stored XSS.9.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Slicknav Mobile Menu
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-51536 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms - WordPress Form Builder allows Stored XSS.1.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Crm Perks Forms
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-51691 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team Comments - wpDiscuz allows Stored XSS.6.12. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wpdiscuz
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2023-51534 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brave Brave - Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Brave
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2023-51506 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WPCS - WordPress Currency Switcher Professional allows Stored XSS.2.0. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress Wordpress Currency Switcher
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-1141 MEDIUM PATCH This Month

A vulnerability was found in python-glance-store. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Python Information Disclosure Glance Store
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-22430 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-23941 MEDIUM This Month

Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Group Office
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-24755 MEDIUM PATCH This Month

discourse-group-membership-ip-block is a discourse plugin that adds support for adding users to groups based on their IP address. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Group Membership Ip Blocks
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-1040 MEDIUM This Month

Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Web Master Firmware
NVD
CVSS 3.1
4.4
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy