Skip to main content
CVE-2022-38358 MEDIUM POC This Month

Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/admin_notifiers/rules.php and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eyes Of Network Web
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2814 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Simple and Nice Shopping Cart Script and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Simple And Nice Shopping Cart Script
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2811 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Guest Management System. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Guest Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2378 MEDIUM POC This Month

The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Easy Student Results
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2116 MEDIUM POC This Month

The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Contact Form Db Elementor
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-24654 MEDIUM POC This Month

Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ata 200 Firmware
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
1.1%
CVE-2022-2824 MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-33991 MEDIUM POC This Month

dproxy-nexgen (aka dproxy nexgen) forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dproxy Nexgen
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-33989 MEDIUM POC This Month

dproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selected randomly only at boot time) in upstream queries sent to DNS resolvers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Dproxy Nexgen
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-35948 MEDIUM POC PATCH This Month

undici is an HTTP/1.1 client, written from scratch for Node.js.`=< undici@5.8.0` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Node.js Undici
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-2535 MEDIUM POC This Month

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Searchwp Live Ajax Search
NVD WPScan
CVSS 3.1
5.3
EPSS
1.5%
CVE-2022-2384 MEDIUM POC This Month

The Digital Publications by Supsystic WordPress plugin before 1.7.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Digital Publications By Supsystic
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2152 MEDIUM POC This Month

The Duplicate Page and Post WordPress plugin before 2.8 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Duplicate Page And Post
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-35961 MEDIUM PATCH This Month

OpenZeppelin Contracts is a library for secure smart contract development. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Contracts Contracts Upgradeable
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-38190 MEDIUM This Month

A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38188 MEDIUM This Month

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38186 MEDIUM This Month

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38191 MEDIUM This Month

There is an HTML injection issue in Esri Portal for ArcGIS versions 10.9.0 and below which may allow a remote, authenticated attacker to inject HTML into some locations in the home application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Portal For Arcgis
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-33993 MEDIUM This Month

Misinterpretation of special domain name characters in DNRD (aka Domain Name Relay Daemon) 2.20.3 leads to cache poisoning because domain names and their associated IP addresses are cached in their. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Domain Name Relay Daemon
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-35954 MEDIUM PATCH This Month

The GitHub Actions ToolKit provides a set of packages to make creating actions easier. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Toolkit
NVD GitHub
CVSS 3.1
5.0
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy