Skip to main content
CVE-2022-1511 MEDIUM POC PATCH This Month

Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Snipe It
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-28477 MEDIUM POC This Month

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wbce Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-28454 MEDIUM POC This Month

Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Limbas
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-28102 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Mysql Admin Panel Generator
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-1514 MEDIUM POC PATCH This Month

Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Facturascripts
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-24898 MEDIUM POC PATCH This Month

org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XXE Commons
NVD GitHub
CVSS 3.1
4.9
EPSS
1.4%
CVE-2022-28117 MEDIUM POC THREAT This Month

A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Navigate Cms
NVD Exploit-DB
CVSS 3.1
4.9
EPSS
21.9%
CVE-2022-29815 MEDIUM This Month

In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Intellij Idea
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-29813 MEDIUM This Month

In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Intellij Idea
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-22441 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-29413 MEDIUM This Month

Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress via &title parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF WordPress Hermit
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-29415 MEDIUM This Month

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer's Ravpage plugin <= 2.16 at WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Ravpage
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-27860 MEDIUM This Month

Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge's Footer Text plugin <= 2.0.3 on WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF WordPress Footer Text
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-22427 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-24873 MEDIUM PATCH This Month

Shopware is an open source e-commerce software platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Shopware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-29152 MEDIUM This Month

The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Powerterm Webconnect
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-29817 MEDIUM This Month

In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Intellij Idea
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-29412 MEDIUM This Month

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Hermit
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-29584 MEDIUM This Month

Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mahara
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-22443 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-22322 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-29869 MEDIUM PATCH This Month

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cifs Utils Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2022-29811 MEDIUM This Month

In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Hub
NVD
CVSS 3.1
4.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy