Skip to main content
CVE-2022-30839 MEDIUM POC This Month

Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Room Rent Portal Site
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-1849 MEDIUM POC PATCH This Month

Session Fixation in GitHub repository filegator/filegator prior to 7.8.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Session Fixation Information Disclosure Filegator
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-30842 MEDIUM POC This Month

Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Covid 19 Travel Pass Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30837 MEDIUM POC This Month

Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting (XSS) via /ttms/classes/Master.php?f=save_recipient, vehicle_name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Toll Tax Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30464 MEDIUM POC This Month

ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Chatbot App With Suggestion
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30462 MEDIUM POC This Month

Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Water Billing System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30460 MEDIUM POC This Month

Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Social Networking Site
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30458 MEDIUM POC This Month

Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Automotive Shop Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30456 MEDIUM POC This Month

Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Badminton Center Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-1848 MEDIUM POC PATCH This Month

Business Logic Errors in GitHub repository erudika/para prior to 1.45.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Para
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-22309 MEDIUM This Month

The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Power System S922 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-0910 MEDIUM This Month

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zyxel Vpn100 Firmware Vpn1000 Firmware Vpn300 Firmware +29
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-0734 MEDIUM This Month

A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zyxel Vpn100 Firmware Vpn1000 Firmware Vpn300 Firmware +29
NVD
CVSS 3.1
6.1
EPSS
8.4%
CVE-2022-29237 MEDIUM PATCH This Month

Opencast is a free and open source solution for automated video capture and distribution at scale. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Opencast
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-22306 MEDIUM This Month

An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-31263 MEDIUM PATCH This Month

app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Mastodon
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-1840 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in Home Clean Services Management System 1.0.php?link=registerand. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Home Clean Services Management System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1819 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in Student Information System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Student Information System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy