Skip to main content
CVE-2022-34297 MEDIUM POC This Month

Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gii
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-45292 MEDIUM POC This Month

User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Funkwhale
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-44213 MEDIUM POC This Month

ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Automatic Data Master Server
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-38765 MEDIUM This Month

Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Vitrea View
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-29839 MEDIUM This Month

Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure My Cloud Os
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-41299 MEDIUM This Month

IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Transformation Advisor
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-4336 MEDIUM This Month

In BAOTA linux panel there exists a stored xss vulnerability attackers can use to obtain sensitive information via the log analysis feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Baota
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-25630 MEDIUM POC This Month

An authenticated user can embed malicious content with XSS into the admin group policy page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Messaging Gateway
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
1.5%
CVE-2022-25629 MEDIUM This Month

An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Messaging Gateway
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-4377 MEDIUM This Month

A vulnerability was found in S-CMS 5.0 Build 20220328. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS S Cms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-33187 MEDIUM This Month

Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2022-29838 MEDIUM This Month

Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass My Cloud Os
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2022-4264 MEDIUM This Month

Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows low privilege user to change some configuration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation M Files
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy