Skip to main content
CVE-2021-46006 MEDIUM POC This Month

In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A3100R Firmware
NVD VulDB
CVSS 3.1
6.5
EPSS
7.2%
CVE-2022-23869 MEDIUM POC This Month

In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ruoyi
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-26644 MEDIUM POC This Month

Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Banking System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-24135 MEDIUM POC This Month

QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability in all search functions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Qingscan
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-24131 MEDIUM POC This Month

DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Douphp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-26244 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hospital S Patient Records Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-1181 MEDIUM POC PATCH THREAT This Month

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
5.4
EPSS
51.5%
CVE-2022-1179 MEDIUM POC PATCH THREAT This Month

Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
5.4
EPSS
76.9%
CVE-2022-1178 MEDIUM POC PATCH THREAT This Month

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
5.4
EPSS
51.6%
CVE-2022-1172 MEDIUM POC PATCH This Month

Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
CVSS 3.1
5.0
EPSS
0.7%
CVE-2022-1163 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minewebcms prior to next. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Minewebcms
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
3.5%
CVE-2022-1177 MEDIUM POC PATCH This Month

Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Openemr
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-25619 MEDIUM This Month

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitrary. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Sambabox
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-26949 MEDIUM This Month

Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Archer
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-23801 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-23800 MEDIUM PATCH This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-23798 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Joomla
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-23796 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-28202 MEDIUM PATCH This Month

An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mediawiki Fedora Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2022-26951 MEDIUM This Month

Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-26950 MEDIUM This Month

Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Archer
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-23136 MEDIUM This Month

There is a stored XSS vulnerability in ZTE home gateway product. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte XSS Zxhn F680 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-26947 MEDIUM This Month

Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-23794 MEDIUM PATCH This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-27907 MEDIUM This Month

Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Nexus Repository Manager
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy