Skip to main content
CVE-2020-18324 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subrion Cms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
2.7%
CVE-2020-18325 MEDIUM POC This Month

Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subrion Cms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
2.1%
CVE-2022-0855 MEDIUM POC PATCH This Month

Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Whmcs
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-23397 MEDIUM POC This Month

The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ez Net Portal
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-0752 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Control Panel
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-0838 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Control Panel
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-25106 MEDIUM POC This Month

D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption D-Link Buffer Overflow Dir 859 Firmware +1
NVD GitHub
CVSS 3.1
5.5
EPSS
8.6%
CVE-2022-0832 MEDIUM POC PATCH THREAT This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
66.6%
CVE-2022-0831 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2022-26336 MEDIUM PATCH This Month

A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apache Microsoft Information Disclosure Poi Active Iq Unified Manager
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2022-22946 MEDIUM PATCH This Month

In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Java Information Disclosure Spring Cloud Gateway Commerce Guided Search Communications Cloud Native Core Binding Support Function +3
NVD
CVSS 3.1
5.5
EPSS
4.8%
CVE-2022-26484 MEDIUM PATCH This Month

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Infoscale Operations Manager
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2022-23232 MEDIUM This Month

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Storagegrid
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-26483 MEDIUM PATCH This Month

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Infoscale Operations Manager
NVD
CVSS 3.1
4.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy