Skip to main content
CVE-2022-1551 MEDIUM POC This Month

The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Sp Project Document Manager
NVD WPScan
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-34573 MEDIUM POC This Month

An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to arbitrarily configure device settings via accessing the page mb_wifibasic.shtml. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wifi Repeater Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.6%
CVE-2022-35653 MEDIUM POC PATCH This Month

A reflected XSS issue was identified in the LTI module of Moodle. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Fedora Enterprise Linux
NVD
CVSS 3.1
6.1
EPSS
3.7%
CVE-2022-2523 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Fava
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-2514 MEDIUM POC PATCH This Month

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Fava
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-2189 MEDIUM POC This Month

The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Video Lightbox
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2115 MEDIUM POC This Month

The Popup Anything WordPress plugin before 2.1.7 does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Popup Anything
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2072 MEDIUM POC This Month

The Name Directory WordPress plugin before 1.25.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Name Directory
NVD WPScan
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-2071 MEDIUM POC This Month

The Name Directory WordPress plugin before 1.25.4 does not have CSRF check when importing names, and is also lacking sanitisation as well as escaping in some of the imported data, which could allow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS WordPress Name Directory
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-0899 MEDIUM POC This Month

The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Header Footer Code Manager
NVD WPScan
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-34575 MEDIUM POC This Month

An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing fctest.shtml. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wifi Repeater Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.6%
CVE-2022-34574 MEDIUM POC This Month

An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing Tftpd32.ini. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wifi Repeater Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.6%
CVE-2022-34572 MEDIUM POC This Month

An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the telnet password via accessing the page tftp.txt. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wifi Repeater Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.6%
CVE-2022-34962 MEDIUM POC This Month

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Source Social Network
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-34963 MEDIUM POC PATCH This Month

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Source Social Network
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-34961 MEDIUM POC This Month

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Source Social Network
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-2299 MEDIUM POC This Month

The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Allow Svg Files
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-0594 MEDIUM POC This Month

The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v <. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Shareaholic
NVD WPScan
CVSS 3.1
5.3
EPSS
1.6%
CVE-2022-34964 MEDIUM POC This Month

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the SitePages module. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Source Social Network
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-2341 MEDIUM POC This Month

The Simple Page Transition WordPress plugin through 1.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Simple Page Transition
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-2340 MEDIUM POC This Month

The W-DALIL WordPress plugin through 2.0 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress W Dalil
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-2239 MEDIUM POC This Month

The Request a Quote WordPress plugin before 2.3.9 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Request A Quote
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-1307 MEDIUM POC This Month

Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-1306 MEDIUM POC This Month

Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-35288 MEDIUM PATCH This Month

IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Security Verify Information Queue
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-35652 MEDIUM PATCH This Month

An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Moodle Fedora
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-35651 MEDIUM PATCH This Month

A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

SSRF XSS Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-21802 MEDIUM PATCH This Month

The package grapesjs before 0.19.5 are vulnerable to Cross-site Scripting (XSS) due to an improper sanitization of the class name in Selector Manager. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Grapesjs
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-22999 MEDIUM This Month

Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS My Cloud Pr2100 Firmware My Cloud Pr4100 Firmware My Cloud Ex4100 Firmware My Cloud Ex2 Ultra Firmware +4
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2022-2059 MEDIUM This Month

In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-2032 MEDIUM This Month

In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
4.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy