Skip to main content
CVE-2022-44788 MEDIUM POC This Month

An issue was discovered in Appalti & Contratti 9.12.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Session Fixation Appalti Contratti
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-4096 MEDIUM POC PATCH This Month

Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Appsmith
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-3762 MEDIUM POC This Month

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Booster For Woocommerce
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-44787 MEDIUM POC This Month

An issue was discovered in Appalti & Contratti 9.12.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Appalti Contratti
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-0421 MEDIUM POC This Month

The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Five Star Restaurant Reservations
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-45146 MEDIUM POC PATCH This Month

An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Use After Free Memory Corruption Fips Java Api
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-4105 MEDIUM POC PATCH This Month

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Kiwi Tcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-43117 MEDIUM POC This Month

Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Name, Username, Description and Site Feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Password Storage Application
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-1581 MEDIUM POC This Month

The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Wp Polls
NVD WPScan
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-42096 MEDIUM POC This Month

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Backdrop Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
2.0%
CVE-2022-40470 MEDIUM POC This Month

Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Blood Donor Management System
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-45017 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wbce Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3753 MEDIUM POC This Month

The Evaluate WordPress plugin through 1.0 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Evaluate
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3690 MEDIUM POC This Month

The Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Maker
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-3618 MEDIUM POC This Month

The Spacer WordPress plugin before 3.0.7 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Spacer
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3750 MEDIUM POC This Month

The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ask Me
NVD WPScan
CVSS 3.1
4.7
EPSS
0.4%
CVE-2022-3336 MEDIUM POC This Month

The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Event Monster
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-35897 MEDIUM This Month

An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Kernel
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2022-40746 MEDIUM PATCH This Month

IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking. Rated medium severity (CVSS 6.7). This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection IBM I Access Client Solutions
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-38146 MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Framework
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-38755 MEDIUM This Month

A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Filr
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-45016 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wbce Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-45015 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wbce Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-45014 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wbce Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-45013 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wbce Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-45012 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wbce Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-4087 MEDIUM PATCH This Month

A vulnerability was found in iPXE. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Authentication Bypass Ipxe
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy