Skip to main content
CVE-2022-27375 MEDIUM POC This Month

Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda CSRF Ax12 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-27374 MEDIUM POC This Month

Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda CSRF Ax12 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-1461 MEDIUM POC PATCH This Month

Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Openemr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-28094 MEDIUM POC This Month

SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the fid parameter at booking.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Sports Complex Booking System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-28290 MEDIUM POC This Month

Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wordpress Country Selector
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-0953 MEDIUM POC This Month

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Download Anti Malware Security And Brute Force Firewall
NVD WPScan
CVSS 3.1
6.1
EPSS
3.0%
CVE-2022-28586 MEDIUM POC This Month

XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hoosk
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-27103 MEDIUM POC PATCH This Month

element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Element Plus
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-28506 MEDIUM POC This Month

There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Giflib Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2022-27135 MEDIUM POC This Month

xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow Xpdf
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2022-1152 MEDIUM POC This Month

The Menubar WordPress plugin before 5.8 does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action (available to any authenticated. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Menubar
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0398 MEDIUM POC This Month

The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Thirstyaffiliates Affiliate Link Manager
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-27428 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Gallerycms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-1458 MEDIUM POC PATCH This Month

Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-1457 MEDIUM POC PATCH This Month

Store XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Facturascripts
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-1396 MEDIUM POC This Month

The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Donorbox
NVD WPScan
CVSS 3.1
4.8
EPSS
1.0%
CVE-2022-1228 MEDIUM POC This Month

The Opensea WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, like its "Referer address" field, which could allow high privilege users to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Opeansea
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1156 MEDIUM POC This Month

The Books & Papers WordPress plugin through 0.20210223 does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Books Papers
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1153 MEDIUM POC This Month

The LayerSlider WordPress plugin before 7.1.2 does not sanitise and escape Project's slug before outputting it back in various place, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress LayerSlider
NVD WPScan
CVSS 3.1
4.8
EPSS
2.6%
CVE-2022-1094 MEDIUM POC This Month

The amr users WordPress plugin before 4.59.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Amr Users
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-1027 MEDIUM POC This Month

The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Page Restriction
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0876 MEDIUM POC This Month

The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Social Comments
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1092 MEDIUM POC This Month

The myCred WordPress plugin before 2.4.3.1 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call and and retrieve the list. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Mycred
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-0634 MEDIUM POC This Month

The ThirstyAffiliates WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low as Subscriber) to add an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Thirstyaffiliates Affiliate Link Manager
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-0363 MEDIUM POC This Month

The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Mycred
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-0287 MEDIUM POC This Month

The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Mycred
NVD WPScan
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-26597 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Layout module's Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Digital Experience Platform Liferay Portal
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-26596 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Digital Experience Platform Liferay Portal
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-24880 MEDIUM PATCH This Month

flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Python Flask Session Captcha
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-0477 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2022-29418 MEDIUM This Month

Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) in Mark Daniels Night Mode plugin <= 1.0.0 on WordPress via vulnerable parameters: &ntmode_page_setting[enable-me],. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Night Mode
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-29417 MEDIUM This Month

Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Shortpixel Adaptive Images
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy