Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-05-21 CVE-2023-2826 Cross-site Scripting vulnerability in Class Scheduling System Project Class Scheduling System 1.0
A vulnerability has been found in SourceCodester Class Scheduling System 1.0 and classified as problematic.
network
low complexity
class-scheduling-system-project CWE-79
5.4
2023-05-20 CVE-2023-2824 Cross-site Scripting vulnerability in Dental Clinic Appointment Reservation System Project Dental Clinic Appointment Reservation System 1.0
A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0.
6.1
2023-05-20 CVE-2023-2822 Cross-site Scripting vulnerability in Ellucian Ethos Identity
A vulnerability was found in Ellucian Ethos Identity up to 5.10.5.
network
low complexity
ellucian CWE-79
6.1
2023-05-20 CVE-2023-2714 Missing Authorization vulnerability in Groundhogg
The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8.
network
low complexity
groundhogg CWE-862
4.3
2023-05-20 CVE-2023-2715 Missing Authorization vulnerability in Groundhogg
The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_ticket' function in versions up to, and including, 2.7.9.8.
network
low complexity
groundhogg CWE-862
4.3
2023-05-20 CVE-2023-2716 Missing Authorization vulnerability in Groundhogg
The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8.
network
low complexity
groundhogg CWE-862
5.4
2023-05-20 CVE-2023-2717 Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg
The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8.
network
low complexity
groundhogg CWE-352
4.3
2023-05-20 CVE-2023-2735 Cross-site Scripting vulnerability in Groundhogg
The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gh_form' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
groundhogg CWE-79
5.4
2023-05-19 CVE-2023-32675 Always-Incorrect Control Flow Implementation vulnerability in Vyper Project Vyper
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine.
network
low complexity
vyper-project CWE-670
5.3
2023-05-19 CVE-2023-1996 Cross-site Scripting vulnerability in 3DS 3Dexperience
A reflected Cross-site Scripting (XSS) vulnerability in 3DEXPERIENCE R2018x through R2023x allows an attacker to execute arbitrary script code.
network
low complexity
3ds CWE-79
6.1