Skip to main content
CVE-2024-24753 MEDIUM POC PATCH This Month

Bref enable serverless PHP on AWS Lambda. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Bref
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-24752 MEDIUM POC PATCH This Month

Bref enable serverless PHP on AWS Lambda. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Denial Of Service Bref
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-0831 MEDIUM POC PATCH This Month

Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp Information Disclosure Vault
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-23034 MEDIUM POC This Month

Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Eyoucms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-23033 MEDIUM POC This Month

Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Eyoucms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-23032 MEDIUM POC This Month

Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Eyoucms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-23031 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Eyoucms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-22927 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Eyoucms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2024-24945 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Travel Journal Using Php And Mysql With Source Code
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-24041 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Travel Journal Using Php And Mysql With Source Code
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-24062 MEDIUM POC This Month

springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Springboot Manager
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-24061 MEDIUM POC This Month

springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Springboot Manager
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-24060 MEDIUM POC This Month

springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Springboot Manager
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-24059 MEDIUM POC This Month

springboot-manager v1.6 is vulnerable to Arbitrary File Upload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Springboot Manager
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-24569 MEDIUM POC PATCH This Month

The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Path Traversal Java Java Code Security Toolkit
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-52188 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Footer Putter allows Stored XSS.17. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Footer Putter
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51520 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPdevelop / Oplugins WP Booking Calendar allows Stored XSS.7.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Booking Calendar
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-52118 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP User Profile Avatar allows Stored XSS.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Event Manager
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51693 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Icons allows Stored XSS.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Icons
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51689 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in naa986 Easy Video Player allows Stored XSS.2.2.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Easy Video Player
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51677 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.23. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Download Schema Structured Data For Wp Amp
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51666 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Related Post allows Stored XSS.0.53. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Related Post
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51532 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Icegram Engage - WordPress Lead Generation, Popup Builder, CTA, Optins and Email List. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Icegram Engage
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-52195 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Posts to Page Kerry James allows Stored XSS.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Posts To Page
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-52194 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takayuki Miyauchi oEmbed Gist allows Stored XSS.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Oembed Gist
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-52193 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS.5.23. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Page Builder
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-52192 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS.0.11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Official Opt In Forms
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-52191 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Torbjon Infogram - Add charts, maps and infographics allows Stored XSS.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Infogram
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-52189 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jhayghost Ideal Interactive Map allows Stored XSS.2.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ideal Interactive Map
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-52175 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Uno (miunosoft) Auto Amazon Links - Amazon Associates Affiliate Plugin allows Stored. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Auto Amazon Links
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51514 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeboxr Team CBX Bookmark & Favorite allows Stored XSS.7.13. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cbx Bookmark Favorite
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51684 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Digital Downloads Easy Digital Downloads - Sell Digital Files (eCommerce Store & Payments. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Easy Digital Downloads
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51674 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager - Restricted Content, Users & Roles, Enhanced Security and More. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Advanced Access Manager
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51669 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artios Media Product Code for WooCommerce allows Stored XSS.4.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Product Code For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51694 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Epiphyt Embed Privacy allows Stored XSS.8.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Embed Privacy
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51690 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Advanced iFrame allows Stored XSS.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Advanced Iframe
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-24548 MEDIUM This Month

Payment EX Ver1.1.5b and earlier allows a remote unauthenticated attacker to obtain the information of the user who purchases merchandise using Payment EX. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Payment Ex
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-7069 MEDIUM PATCH This Month

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2023.10 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Advanced Iframe
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-23645 MEDIUM PATCH This Month

GLPI is a Free Asset and IT Management Software package. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Glpi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-24570 MEDIUM PATCH This Month

Statamic is a Laravel and Git powered CMS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Statamic
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-51695 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms - Build Contact Forms, Surveys, Polls, Application Forms, and more with. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Everest Forms
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-51685 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LJ Apps WP Review Slider allows Stored XSS.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Review Slider
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-51548 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Neil Gee SlickNav Mobile Menu allows Stored XSS.9.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Slicknav Mobile Menu
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-51536 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms - WordPress Form Builder allows Stored XSS.1.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Crm Perks Forms
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-51691 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team Comments - wpDiscuz allows Stored XSS.6.12. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wpdiscuz
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2023-51534 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brave Brave - Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Brave
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2023-51506 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WPCS - WordPress Currency Switcher Professional allows Stored XSS.2.0. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress Wordpress Currency Switcher
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-1141 MEDIUM PATCH This Month

A vulnerability was found in python-glance-store. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Python Information Disclosure Glance Store
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-22430 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-23941 MEDIUM This Month

Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Group Office
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy