Skip to main content
CVE-2022-24612 MEDIUM POC This Month

An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyesofnetwork
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-24594 MEDIUM POC PATCH This Month

In waline 1.6.1, an attacker can submit messages using X-Forwarded-For to forge any IP address. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Waline
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-0746 MEDIUM POC PATCH This Month

Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Dolibarr Erp Crm
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-24337 MEDIUM This Month

In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-24333 MEDIUM This Month

In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Teamcity
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-24328 MEDIUM This Month

In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hub
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-37504 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jquery Upload File
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-25261 MEDIUM This Month

JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-25259 MEDIUM This Month

JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hub
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-24338 MEDIUM This Month

JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-24330 MEDIUM This Month

In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-24948 MEDIUM PATCH This Month

A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XSS Jspwiki
NVD
CVSS 3.1
6.1
EPSS
2.2%
CVE-2022-25327 MEDIUM PATCH This Month

The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Authentication Bypass Fscrypt
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-25326 MEDIUM PATCH This Month

fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Fscrypt
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-0247 MEDIUM PATCH This Month

An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Fuchsia
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-24710 MEDIUM PATCH This Month

Weblate is a copyleft software web-based continuous localization system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Weblate
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-24347 MEDIUM This Month

JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-24344 MEDIUM This Month

JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-24339 MEDIUM This Month

JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-24336 MEDIUM This Month

In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-24334 MEDIUM This Month

In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-24332 MEDIUM This Month

In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-24329 MEDIUM PATCH This Month

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kotlin Communications Cloud Native Core Binding Support Function Communications Pricing Design Center
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2022-24343 MEDIUM This Month

In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Youtrack
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy