Skip to main content
CVE-2022-38463 MEDIUM POC This Month

ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Servicenow
NVD
CVSS 3.1
6.1
EPSS
2.3%
CVE-2022-2956 MEDIUM POC This Month

A vulnerability classified as problematic has been found in ConsoleTVs Noxen. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Noxen
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2829 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yetiforce Customer Relationship Management
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-2796 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
4.8
EPSS
1.5%
CVE-2022-2965 MEDIUM POC PATCH This Month

Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Notrinoserp
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-35278 MEDIUM PATCH This Month

In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache XSS Artemis Active Iq Unified Manager Oncommand Workflow Automation
NVD VulDB
CVSS 3.1
6.1
EPSS
7.9%
CVE-2022-35191 MEDIUM This Month

D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via a crafted HTTP connection request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service D-Link Dsl 3782 Firmware
NVD VulDB
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-38665 MEDIUM PATCH This Month

Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Collabnet
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-38663 MEDIUM PATCH This Month

Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Git
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-37428 MEDIUM This Month

PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Recursor Fedora
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-34868 MEDIUM PATCH This Month

Authenticated Arbitrary Settings Update vulnerability in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress Privilege Escalation Yukassa For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-33142 MEDIUM PATCH This Month

Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

WordPress Denial Of Service Better Messages
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-38172 MEDIUM This Month

ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Servicenow
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-29476 MEDIUM PATCH This Month

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 Degree Themes otification Bar for WordPress plugin <= 1.1.8 at WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS WordPress Notification Bar
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-27637 MEDIUM PATCH This Month

Reflected cross-site scripting vulnerability in PukiWiki versions 1.5.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Pukiwiki
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38664 MEDIUM PATCH This Month

Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Job Configuration History
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-36405 MEDIUM This Month

Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in amCharts: Charts and Maps plugin <= 1.4 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Amcharts
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-36347 MEDIUM This Month

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alpine Press Alpine PhotoTile for Pinterest plugin <= 1.3.1 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Alpine Phototile For Pinterest
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-36341 MEDIUM This Month

Authenticated (subscriber+) plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability in Akash soni's AS - Create Pinterest Pinboard Pages plugin <= 1.0 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress As Create Pinterest Pinboard Pages
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-36282 MEDIUM PATCH This Month

Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy's Search Exclude plugin <= 1.2.6 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS WordPress Search Exclude
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-34658 MEDIUM PATCH This Month

Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS WordPress Download Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-34648 MEDIUM This Month

Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Uploading Svg Webp And Ico Files
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-36350 MEDIUM PATCH This Month

Stored cross-site scripting vulnerability in PukiWiki versions 1.3.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Pukiwiki
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-35242 MEDIUM PATCH This Month

Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Privilege Escalation The Leads Management System
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-1989 MEDIUM This Month

All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Visualization
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-35235 MEDIUM PATCH This Month

Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Wpide File Manager Code Editor
NVD
CVSS 3.1
4.9
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy