Skip to main content
CVE-2022-38553 MEDIUM POC This Month

Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Academy Learning Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
2.3%
CVE-2022-2856 MEDIUM POC KEV PATCH THREAT This Month

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
4.5%
CVE-2022-39219 MEDIUM POC PATCH This Month

Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bifrost
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-3299 MEDIUM POC PATCH This Month

A vulnerability was found in Open5GS up to 2.4.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-38970 MEDIUM POC This Month

ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ig20 Firmware Realserver
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-3062 MEDIUM POC THREAT This Month

The Simple File List WordPress plugin before 4.4.12 does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Simple File List
NVD WPScan
CVSS 3.1
6.1
EPSS
44.1%
CVE-2022-2404 MEDIUM POC This Month

The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Popup Builder
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-21169 MEDIUM POC PATCH This Month

The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Prototype Pollution Express Xss Sanitizer
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-30003 MEDIUM POC This Month

Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Site Scripting (XSS), allowing attackers to register as a Seller then create new products containing XSS payloads in the 'Product. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Market Place Site
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-40044 MEDIUM POC PATCH This Month

Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Centreon
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-3025 MEDIUM POC This Month

The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not have any CSRF check when saving its settings, allowing attacker to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS WordPress Bitcoin Altcoin Faucet
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2022-3024 MEDIUM POC This Month

The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call it and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS WordPress Simple Bitcoin Faucets
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2022-1755 MEDIUM POC This Month

The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via an URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Svg Support
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-1613 MEDIUM POC This Month

The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Restricted Site Access
NVD WPScan
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-2926 MEDIUM POC This Month

The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Download Manager
NVD WPScan
CVSS 3.1
4.9
EPSS
1.3%
CVE-2022-3135 MEDIUM POC This Month

The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Seo Smart Links
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3074 MEDIUM POC This Month

The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Slider Hero
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3070 MEDIUM POC This Month

The Generate PDF WordPress plugin before 3.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Generate Pdf Using Contact Form 7
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3069 MEDIUM POC This Month

The WordLift WordPress plugin before 3.37.2 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wordlift
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3098 MEDIUM POC This Month

The Login Block IPs WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Login Block Ips
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-2405 MEDIUM POC This Month

The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Popup Builder
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-3048 MEDIUM This Month

Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2022-3057 MEDIUM PATCH This Month

Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Google CSRF Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-3056 MEDIUM PATCH This Month

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-3054 MEDIUM PATCH This Month

Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-3047 MEDIUM PATCH This Month

Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-3044 MEDIUM PATCH This Month

Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-2861 MEDIUM PATCH This Month

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Google XSS Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-2860 MEDIUM PATCH This Month

Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-3201 MEDIUM This Month

Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-3053 MEDIUM This Month

Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy