Skip to main content
CVE-2022-23052 MEDIUM POC This Month

PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Petereport
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-0753 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Control Panel
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-24725 MEDIUM POC PATCH This Month

Shescape is a shell escape package for JavaScript. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Path Traversal Information Disclosure Shescape
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-23051 MEDIUM POC This Month

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svg_file' parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Petereport
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-25138 MEDIUM POC This Month

Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Suite
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-24563 MEDIUM POC This Month

In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the intro_title and intro_image parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Genixcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-24723 MEDIUM POC PATCH This Month

URI.js is a Javascript URL mutation library. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Uri Js
NVD GitHub
CVSS 3.1
5.3
EPSS
2.0%
CVE-2022-22700 MEDIUM POC This Month

CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Identity
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-25220 MEDIUM POC This Month

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Petereport
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-22943 MEDIUM This Month

VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

VMware Microsoft Information Disclosure Tools
NVD
CVSS 3.1
6.7
EPSS
1.2%
CVE-2022-23849 MEDIUM This Month

The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access the application because of authentication bypass. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple Password Hub
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2021-38263 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Server module's script console in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 20 and 7.2 before fix. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Liferay Portal Digital Experience Platform
NVD VulDB
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-38264 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote attackers to inject arbitrary web script or HTML into the management toolbar. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Liferay Portal
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-24573 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Http Commander
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-23710 MEDIUM This Month

A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kibana
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-38269 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Liferay Portal Digital Experience Platform
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-38267 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Blogs module's edit blog entry page in Liferay Portal 7.3.2 through 7.3.6, and Liferay DXP 7.3 before fix pack 2 allows remote attackers to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Digital Experience Platform Liferay Portal
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-38265 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Asset module in Liferay Portal 7.3.4 through 7.3.6 allow remote attackers to inject arbitrary web script or HTML when creating a collection page via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Digital Experience Platform Liferay Portal
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-25146 MEDIUM PATCH This Month

The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Digital Experience Platform Liferay Portal
NVD VulDB
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-23709 MEDIUM This Month

A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Elastic Kibana
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-23708 MEDIUM PATCH This Month

A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Elastic Elasticsearch
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy