Skip to main content
CVE-2022-26263 MEDIUM POC THREAT This Month

Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 37.7%.

XSS U8
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
37.7%
CVE-2022-25590 MEDIUM POC This Month

SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Surveyking
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-27887 MEDIUM POC This Month

Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Maccms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-27886 MEDIUM POC This Month

Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Maccms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-27885 MEDIUM POC This Month

Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Maccms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-27884 MEDIUM POC This Month

Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Maccms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-26573 MEDIUM POC This Month

Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Maccms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-26197 MEDIUM POC This Month

Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Joget Dx
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-25582 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Classcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-40906 MEDIUM This Month

CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Checkmk
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-27920 MEDIUM PATCH This Month

libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Libkiwix Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-25610 MEDIUM This Month

Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Simple Ajax Chat
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-27906 MEDIUM This Month

Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal Oftp2
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2022-0322 MEDIUM PATCH This Month

A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Fedora Communications Cloud Native Core Binding Support Function +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-24643 MEDIUM This Month

A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Openemr
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2022-25612 MEDIUM This Month

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Simple Event Planner
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-25611 MEDIUM This Month

Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simple Event Planner
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-25606 MEDIUM This Month

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wp Downloadmanager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-25574 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Douphp
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-0494 MEDIUM This Month

A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2022-0897 MEDIUM This Month

A flaw was found in the libvirt nwfilter driver. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Libvirt Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy