Skip to main content
CVE-2022-23061 MEDIUM POC PATCH This Month

In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although this cannot happen according to the documentation) via Insecure Direct Object Reference (IDOR). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Shopizer
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-25349 MEDIUM POC This Month

All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Materialize CSS
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-23060 MEDIUM POC PATCH This Month

A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the “Manage. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Shopizer
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-21230 MEDIUM This Month

This affects all versions of package org.nanohttpd:nanohttpd. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Java Information Disclosure Nanohttpd
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy