Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-21 | CVE-2023-2826 | Cross-site Scripting vulnerability in Class Scheduling System Project Class Scheduling System 1.0 A vulnerability has been found in SourceCodester Class Scheduling System 1.0 and classified as problematic. | 5.4 |
2023-05-20 | CVE-2023-2824 | Cross-site Scripting vulnerability in Dental Clinic Appointment Reservation System Project Dental Clinic Appointment Reservation System 1.0 A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. | 6.1 |
2023-05-20 | CVE-2023-2822 | Cross-site Scripting vulnerability in Ellucian Ethos Identity A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. | 6.1 |
2023-05-20 | CVE-2023-2714 | Missing Authorization vulnerability in Groundhogg The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. | 4.3 |
2023-05-20 | CVE-2023-2715 | Missing Authorization vulnerability in Groundhogg The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_ticket' function in versions up to, and including, 2.7.9.8. | 4.3 |
2023-05-20 | CVE-2023-2716 | Missing Authorization vulnerability in Groundhogg The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8. | 5.4 |
2023-05-20 | CVE-2023-2717 | Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. | 4.3 |
2023-05-20 | CVE-2023-2735 | Cross-site Scripting vulnerability in Groundhogg The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gh_form' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2023-05-19 | CVE-2023-32675 | Always-Incorrect Control Flow Implementation vulnerability in Vyper Project Vyper Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. | 5.3 |
2023-05-19 | CVE-2023-1996 | Cross-site Scripting vulnerability in 3DS 3Dexperience A reflected Cross-site Scripting (XSS) vulnerability in 3DEXPERIENCE R2018x through R2023x allows an attacker to execute arbitrary script code. | 6.1 |