Skip to main content
CVE-2021-31674 MEDIUM POC This Month

Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows remote unauthenticated attacker to execute javascript code via undefine enum constant. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cyclos
NVD Exploit-DB VulDB
CVSS 3.1
6.1
EPSS
3.8%
CVE-2021-31673 MEDIUM POC This Month

A Dom-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cyclos
NVD Exploit-DB VulDB
CVSS 3.1
6.1
EPSS
3.4%
CVE-2022-0191 MEDIUM POC PATCH This Month

The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.7 does not have CSRF check deleting banned users, which could allow attackers to make a logged in admin remove arbitrary bans. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF WordPress Ad Invalid Click Protector
NVD WPScan
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-1282 MEDIUM POC PATCH This Month

The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET['image_url'] variable, which is reflected back to the users when executing the editimage_bwg AJAX action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Photo Gallery
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1269 MEDIUM POC This Month

The Fast Flow WordPress plugin before 1.2.12 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Fastflow
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-1250 MEDIUM POC This Month

The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Lifterlms
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-0428 MEDIUM POC This Month

The Content Egg WordPress plugin before 5.3.0 does not sanitise and escape the page parameter before outputting back in an attribute in the Autoblogging admin dashboard, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Content Egg
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-29969 MEDIUM POC PATCH This Month

The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rss element (if the feed is in $wgRSSUrlWhitelist and $wgRSSAllowLinkTag is true). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Rss For Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-1515 MEDIUM POC PATCH This Month

A memory leak was discovered in matio 1.5.21 and earlier in Mat_VarReadNextInfo5() in mat5.c via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Matio
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-1475 MEDIUM POC PATCH This Month

An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Ffmpeg
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-23065 MEDIUM POC PATCH This Month

In Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by Stored XSS vulnerability, where an attacker having catalog permission can upload a SVG file that contains malicious JavaScript into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Vendure
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-1255 MEDIUM POC This Month

The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Import And Export Users And Customers
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-1046 MEDIUM POC This Month

The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perform Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Visual Form Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0662 MEDIUM POC This Month

The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Adrotate
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0649 MEDIUM POC This Month

The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Adrotate
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0418 MEDIUM POC This Month

The Event List WordPress plugin before 0.8.8 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admin. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Event List
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-29973 MEDIUM POC This Month

relan exFAT 1.3.0 allows local users to obtain sensitive information (data from deleted files in the filesystem) in certain situations involving offsets beyond ValidDataLength. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Denial Of Service Exfat
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2022-23722 MEDIUM This Month

When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pingfederate
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-26326 MEDIUM This Month

Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Netiq Access Manager
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-26325 MEDIUM This Month

Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Netiq Access Manager
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-29444 MEDIUM This Month

Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Breeze
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-24974 MEDIUM This Month

Links may not be rewritten according to policy in some specially formatted emails. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Email Isolation
NVD
CVSS 3.1
5.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy