Skip to main content
CVE-2022-38374 MEDIUM This Month

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet XSS Fortiadc
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2022-42473 MEDIUM This Month

A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortisoar
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-39949 MEDIUM This Month

An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR CollectorWindows 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fortiedr
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-33878 MEDIUM PATCH This Month

An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Fortinet Information Disclosure Forticlient
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-2904 MEDIUM This Month

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-43670 MEDIUM PATCH This Month

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sling Cms
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2022-39950 MEDIUM This Month

An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortianalyzer Fortimanager
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-38373 MEDIUM This Month

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortideceptor
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-35851 MEDIUM This Month

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC management interface 7.1.0 may allow a remote and authenticated attacker to trigger a stored cross. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortiadc
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-39378 MEDIUM This Month

Discourse is a platform for community discussion. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-39241 MEDIUM This Month

Discourse is a platform for community discussion. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Discourse
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2022-44586 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Am Hili
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-44576 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Agenteasy Properties
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-38380 MEDIUM This Month

An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.1
4.3
EPSS
23.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy