Skip to main content
CVE-2022-1466 MEDIUM POC PATCH This Month

Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Red Hat Keycloak Single Sign On
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-26564 MEDIUM POC This Month

HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hoteldruid
NVD
CVSS 3.1
6.1
EPSS
2.8%
CVE-2022-28449 MEDIUM POC This Month

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nopcommerce
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-28522 MEDIUM POC This Month

ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Zcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-28450 MEDIUM POC This Month

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nopcommerce
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-28448 MEDIUM POC This Month

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nopcommerce
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-1173 MEDIUM POC PATCH This Month

stored xss in GitHub repository getgrav/grav prior to 1.7.33. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Grav
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2022-27888 MEDIUM This Month

Foundry Issues service versions 2.244.0 to 2.249.0 was found to be logging in a manner that captured sensitive information (session tokens). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Foundry Issues
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-28218 MEDIUM This Month

An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Webmail Messenger
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-27854 MEDIUM This Month

Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher role via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Psychological Tests Quizzes
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-24866 MEDIUM PATCH This Month

Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Assign
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy