Skip to main content
CVE-2022-28982 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Dxp Liferay Portal
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-2266 MEDIUM This Month

University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Library Automation System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-39197 MEDIUM KEV THREAT This Month

An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cobalt Strike
NVD
CVSS 3.1
6.1
EPSS
46.4%
CVE-2022-28978 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Digital Experience Platform Dxp Liferay Portal
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-38648 MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources.14. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Batik Debian Linux
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2022-38398 MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol.14. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Batik Debian Linux
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2022-39975 MEDIUM PATCH This Month

The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Dxp Liferay Portal
NVD VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-36062 LOW PATCH Monitor

Grafana is an open-source platform for monitoring and observability. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity.

Grafana Privilege Escalation
NVD GitHub
CVSS 3.1
3.8
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy