Skip to main content
CVE-2022-45895 MEDIUM POC This Month

Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Planet Estream
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-45894 MEDIUM POC This Month

GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory traversal to read arbitrary local files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Planet Estream
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-44014 MEDIUM POC This Month

An issue was discovered in Simmeth Lieferantenmanager before 5.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lieferantenmanager
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-4740 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in kkFileView. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kkfileview
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-45890 MEDIUM POC This Month

In Planet eStream before 6.72.10.07, a Reflected Cross-Site Scripting (XSS) vulnerability exists via any metadata filter field (e.g., search within Default.aspx with the r or fo parameter). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Planet Estream
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-44380 MEDIUM POC PATCH This Month

Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Snipe It
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-44012 MEDIUM POC This Month

An issue was discovered in /DS/LM_API/api/SelectionService/InsertQueryWithActiveRelationsReturnId in Simmeth Lieferantenmanager before 5.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lieferantenmanager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-45892 MEDIUM POC This Month

In Planet eStream before 6.72.10.07, multiple Stored Cross-Site Scripting (XSS) vulnerabilities exist: Disclaimer, Search Function, Comments, Batch editing tool, Content Creation, Related Media,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Planet Estream
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44381 MEDIUM POC This Month

Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Snipe It
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-4741 MEDIUM PATCH This Month

A vulnerability was found in docconv up to 1.2.0 and classified as problematic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Docconv
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-41317 MEDIUM PATCH This Month

An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Squid
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2022-4738 MEDIUM This Month

A vulnerability classified as problematic has been found in SourceCodester Blood Bank Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Blood Bank Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-4736 MEDIUM PATCH This Month

A vulnerability was found in Venganzas del Pasado and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Venganzas Del Pasado
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4735 MEDIUM PATCH This Month

A vulnerability classified as problematic was found in asrashley dash-live. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dash Live
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4731 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, was found in myapnea up to 29.0.x. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Myapnea
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy