Skip to main content
CVE-2022-1728 MEDIUM POC PATCH This Month

Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Trudesk
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-1560 MEDIUM POC This Month

The Amministrazione Aperta WordPress plugin before 3.8 does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Amministrazione Aperta
NVD WPScan
CVSS 3.1
6.5
EPSS
2.2%
CVE-2022-1407 MEDIUM POC This Month

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Hotel Booking Engine Pms
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1398 MEDIUM POC This Month

The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress External Media Without Import
NVD WPScan
CVSS 3.1
6.5
EPSS
2.9%
CVE-2022-0578 MEDIUM POC PATCH This Month

Code Injection in GitHub repository publify/publify prior to 9.2.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Publify
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-0574 MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository publify/publify prior to 9.2.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Publify
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-30050 MEDIUM POC This Month

Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Gnuboard
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-1465 MEDIUM POC This Month

The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wpc Smart Wishlist For Woocommerce
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1455 MEDIUM POC This Month

The Call Now Button WordPress plugin before 1.1.2 does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Call Now Button
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1436 MEDIUM POC This Month

The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitise and escape the wpcargo_tracking_number parameter before outputting it back in the page, which could allow attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Track Trace
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1418 MEDIUM POC This Month

The Social Stickers WordPress plugin through 2.2.9 does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Social Stickers
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-1267 MEDIUM POC This Month

The BMI BMR Calculator WordPress plugin through 1.3 does not sanitise and escape arbitrary POST data before outputting it back in the response, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Bmi Bmr Calculator
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1217 MEDIUM POC This Month

The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Custom Tinymce Shortcode Button
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1216 MEDIUM POC This Month

The Advanced Image Sitemap WordPress plugin through 1.2 does not sanitise and escape the PHP_SELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS WordPress Advanced Image Sitemap
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-30777 MEDIUM POC This Month

Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS H Sphere
NVD
CVSS 3.1
6.1
EPSS
2.2%
CVE-2022-30776 MEDIUM POC This Month

atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Atmail
NVD
CVSS 3.1
6.1
EPSS
4.2%
CVE-2022-30770 MEDIUM POC This Month

Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and r 8.2.x versions prior to version 8.2.18.5 or 8.2.18.2.1 are vulnerable to (XSS) vulnerability that could be exploited by an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Terminalfour
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-29017 MEDIUM POC This Month

Bento4 v1.6.0.0 was discovered to contain a segmentation fault via the component /x86_64/multiarch/strlen-avx2.S. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-30775 MEDIUM POC This Month

xpdf 4.04 allocates excessive memory when presented with crafted input. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-1726 MEDIUM POC PATCH This Month

Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Bootstrap Table
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-1557 MEDIUM POC This Month

The ULeak Security & Monitoring WordPress plugin through 1.2.3 does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Uleak Security Dashboard
NVD WPScan
CVSS 3.1
5.4
EPSS
1.1%
CVE-2022-1393 MEDIUM POC This Month

The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field and provides a shortcode to display it via [wp_subtitle]. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Subtitle
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-1051 MEDIUM POC This Month

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not sanitise and escape the city, phone or profile credentials fields when outputting it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wpqa Builder
NVD WPScan
CVSS 3.1
5.4
EPSS
1.2%
CVE-2022-30013 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arbitrary web scripts via a JavaScript embedded PDF file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Total Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-1553 MEDIUM POC PATCH This Month

Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Publify
NVD GitHub
CVSS 3.1
4.9
EPSS
1.2%
CVE-2022-1559 MEDIUM POC This Month

The Clipr WordPress plugin through 1.2.3 does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Clipr
NVD WPScan
CVSS 3.1
4.8
EPSS
1.0%
CVE-2022-1512 MEDIUM POC This Month

The ScrollReveal.js Effects WordPress plugin through 1.2 does not sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Scrollrevealjs Effects
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-1435 MEDIUM POC This Month

The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitize and escapes some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Track Trace
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1408 MEDIUM POC This Month

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not escape various settings before outputting them in attributes, which could allow high privilege users such as admin to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Hotel Booking Engine Pms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1334 MEDIUM POC This Month

The WP YouTube Live WordPress plugin before 1.8.3 does not validate, sanitise and escape various of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Youtube Live
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-1265 MEDIUM POC This Month

The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Bulletproof Security
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1089 MEDIUM POC This Month

The Bulk Edit and Create User Profiles WordPress plugin before 1.5.14 does not sanitise and escape the Users Login, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Bulk Edit And Create User Profiles Wp Sheet Editor
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1062 MEDIUM POC This Month

The th23 Social WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Th23 Social
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0873 MEDIUM POC This Month

The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Gmedia Gallery
NVD WPScan
CVSS 3.1
4.8
EPSS
0.9%
CVE-2022-1425 MEDIUM POC This Month

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the message_id of the wpqa_message_view ajax action belongs to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Wpqa Builder
NVD WPScan
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-1349 MEDIUM POC This Month

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the image_id parameter of the ajax action. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Wpqa Builder
NVD WPScan
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-29587 MEDIUM POC This Month

Konica Minolta bizhub MFP devices before 2022-04-14 have an internal Chromium browser that executes with root (aka superuser) access privileges. Rated medium severity (CVSS 4.0). Public exploit code available and no vendor patch available.

Google Privilege Escalation Bizhub 226I Firmware Bizhub 227 Firmware Bizhub 246I Firmware +42
NVD
CVSS 3.1
4.0
EPSS
0.4%
CVE-2022-23670 MEDIUM This Month

A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Information Disclosure Clearpass Policy Manager
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-23659 MEDIUM This Month

A remote reflected cross site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Aruba Clearpass Policy Manager
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-30126 MEDIUM PATCH This Month

In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Tika Primavera Unifier
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2022-25169 MEDIUM PATCH This Month

The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Tika Primavera Unifier
NVD
CVSS 3.1
5.5
EPSS
2.1%
CVE-2022-23668 MEDIUM This Month

A remote authenticated server-side request forgery (ssrf) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Aruba Clearpass Policy Manager
NVD
CVSS 3.1
4.9
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy