Skip to main content
CVE-2022-31786 MEDIUM POC This Month

IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaLMS/Class/Assessment/ PATH_INFO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Idealms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-33119 MEDIUM POC This Month

NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Nvrsolo Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2022-31373 MEDIUM POC This Month

SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Sv Cpt Mc310 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
5.1%
CVE-2022-32414 MEDIUM POC PATCH This Month

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Use After Free Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-31307 MEDIUM POC PATCH This Month

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Use After Free Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-31306 MEDIUM POC PATCH This Month

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Use After Free Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-25585 MEDIUM POC This Month

Unioncms v1.0.13 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Default settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Unioncms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-30874 MEDIUM POC PATCH This Month

There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nukeviet
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-31303 MEDIUM POC This Month

maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Maccms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-31302 MEDIUM POC This Month

maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Maccms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-23342 MEDIUM POC This Month

The Hyland Onbase Application Server releases prior to 20.3.58.1000 and OnBase releases 21.1.1.1000 through 21.1.15.1000 are vulnerable to a username enumeration vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Onbase
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-31095 MEDIUM This Month

discourse-chat is a chat plugin for the Discourse application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Discourse Chat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-32974 MEDIUM This Month

An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nessus
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-1596 MEDIUM This Month

Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb Information Disclosure Rex640 Pcl1 Firmware Rex640 Pcl2 Firmware Rex640 Pcl3 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-31478 MEDIUM This Month

The UserTakeOver plugin before 4.0.1 for ILIAS allows an attacker to list all users via the search function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Usertakeover
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy