Skip to main content
CVE-2022-25493 MEDIUM POC This Month

HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0951 MEDIUM POC PATCH This Month

File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-0968 MEDIUM POC PATCH This Month

The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Microweber
NVD GitHub
CVSS 3.1
5.5
EPSS
3.7%
CVE-2022-0961 MEDIUM POC PATCH This Month

The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Microweber
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2022-25489 MEDIUM POC This Month

Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Atomcms
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2022-0970 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Grav
NVD GitHub
CVSS 3.1
5.4
EPSS
1.8%
CVE-2022-0967 MEDIUM POC PATCH This Month

Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
3.3%
CVE-2022-0966 MEDIUM POC PATCH This Month

Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-0965 MEDIUM POC PATCH This Month

Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-0964 MEDIUM POC PATCH This Month

Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-0963 MEDIUM POC PATCH This Month

Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
5.4
EPSS
1.9%
CVE-2022-0942 MEDIUM POC PATCH This Month

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-0957 MEDIUM POC PATCH This Month

Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-0956 MEDIUM POC PATCH This Month

Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-0954 MEDIUM POC PATCH This Month

Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
5.4
EPSS
3.2%
CVE-2022-0894 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-0893 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-0950 MEDIUM POC PATCH This Month

Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0945 MEDIUM POC PATCH This Month

Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-25497 MEDIUM POC This Month

CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Cuppacms
NVD GitHub
CVSS 3.1
5.3
EPSS
3.6%
CVE-2022-0430 MEDIUM POC PATCH This Month

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Httpie
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2022-27217 MEDIUM This Month

Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Jenkins Information Disclosure Vmware Vrealize Codestream
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-27216 MEDIUM This Month

Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Dbcharts
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-27211 MEDIUM This Month

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Jenkins Kubernetes Continuous Deploy
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-27210 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes CSRF Jenkins Kubernetes Continuous Deploy
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-27209 MEDIUM This Month

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Jenkins Kubernetes Continuous Deploy
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-27208 MEDIUM This Month

Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Jenkins Path Traversal Kubernetes Continuous Deploy
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-27206 MEDIUM PATCH This Month

Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Jenkins Information Disclosure Gitlab Authentication
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-27203 MEDIUM This Month

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Path Traversal Extended Choice Parameter
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-27201 MEDIUM PATCH This Month

Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Jenkins Semantic Versioning
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-27195 MEDIUM PATCH This Month

Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Parameterized Trigger
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-27193 MEDIUM PATCH This Month

CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Cvrf Csaf Converter
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-27213 MEDIUM This Month

Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Environment Dashboard
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-27212 MEDIUM This Month

Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins List Git Branches Parameter
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-27202 MEDIUM This Month

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Extended Choice Parameter
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-27197 MEDIUM PATCH This Month

Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Dashboard View
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-27196 MEDIUM PATCH This Month

Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Favorite
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-27207 MEDIUM This Month

Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Global Build Stats
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2022-27200 MEDIUM PATCH This Month

Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Folder Based Authorization Strategy
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-27218 MEDIUM This Month

Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Incapptic Connect Uploader
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-27215 MEDIUM This Month

A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Release Helper
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-27214 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Jenkins Release Helper
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-27205 MEDIUM This Month

A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Extended Choice Parameter
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-27199 MEDIUM PATCH This Month

A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Cloudbees Aws Credentials
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy