Skip to main content
CVE-2022-4215 MEDIUM POC PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Chained Quiz
NVD VulDB GitHub
CVSS 3.1
6.1
EPSS
2.5%
CVE-2022-45668 MEDIUM POC This Month

Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda CSRF I22 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-45667 MEDIUM POC This Month

Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda CSRF I22 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-45674 MEDIUM POC This Month

Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda CSRF Ac6 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-45673 MEDIUM POC This Month

Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda CSRF Ac6 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-4208 MEDIUM POC PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'datef' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Chained Quiz
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
2.0%
CVE-2022-4211 MEDIUM POC PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'emailf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Chained Quiz
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-4210 MEDIUM POC PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dnf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Chained Quiz
NVD VulDB GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-4214 MEDIUM POC PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Chained Quiz
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-4212 MEDIUM POC PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ipf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Chained Quiz
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-4209 MEDIUM POC PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pointsf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Chained Quiz
NVD VulDB GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-4217 MEDIUM POC PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Chained Quiz
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-4216 MEDIUM POC PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'facebook_appid' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Chained Quiz
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-44946 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-44944 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-44957 MEDIUM POC This Month

webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webtareas
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-44947 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-44951 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-44950 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-44949 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-44952 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-44948 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-44959 MEDIUM POC This Month

webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webtareas
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44956 MEDIUM POC This Month

webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webtareas
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44954 MEDIUM POC This Month

webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webtareas
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44953 MEDIUM POC This Month

webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webtareas
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44962 MEDIUM POC This Month

webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webtareas
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44961 MEDIUM POC This Month

webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webtareas
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44960 MEDIUM POC This Month

webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webtareas
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44955 MEDIUM POC This Month

webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webtareas
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-4218 MEDIUM POC PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Chained Quiz
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2022-4220 MEDIUM POC PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Chained Quiz
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-4219 MEDIUM POC PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Chained Quiz
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-4271 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Osticket
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-4213 MEDIUM PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dn' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.2 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Chained Quiz
NVD VulDB
CVSS 3.1
6.1
EPSS
3.8%
CVE-2022-45483 MEDIUM This Month

Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected device) to see all data (including keypresses) in cleartext. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Lazy Mouse
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2022-45480 MEDIUM This Month

PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Pc Keyboard Wifi Bluetooth
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2022-45215 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Book Store Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-46159 MEDIUM PATCH This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy