Skip to main content
CVE-2022-26246 MEDIUM POC This Month

TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /TMS/admin/setting/mail/createorupdate. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-26247 MEDIUM POC This Month

TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user/Update2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Teamwork Management System
NVD GitHub
CVSS 3.1
5.9
EPSS
0.7%
CVE-2022-26555 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Add a Button function of Eova v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the button. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eova
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-25464 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Doracms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy