Vulnerabilities > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-02-01	CVE-2022-4206	A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report network low complexity	6.5
2023-02-01	CVE-2023-0606	Cross-site Scripting vulnerability in Ampache Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/ampache prior to 5.5.7. network low complexity ampache CWE-79	6.1
2023-01-31	CVE-2022-45598	Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows attacker to execute arbitrary code via improper santization. network low complexity CWE-79	6.1
2023-01-31	CVE-2022-44644	Cleartext Storage of Sensitive Information vulnerability in Apache Linkis In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, an authenticated attacker could read arbitrary local file by connecting a rogue mysql server, By adding allowLoadLocalInfile to true in the jdbc parameter. network low complexity apache CWE-312	6.5
2023-01-31	CVE-2023-0591	ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). local low complexity CWE-22	5.5
2023-01-31	CVE-2022-39061	ChangingTech MegaServiSignAdapter component has a vulnerability of Out-of-bounds Read due to insufficient validation for parameter length. network low complexity CWE-125	6.5
2023-01-31	CVE-2022-25979	Cross-site Scripting vulnerability in Jsuites Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor() function. network low complexity jsuites CWE-79	6.1
2023-01-31	CVE-2022-4898	In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. network low complexity CWE-79	5.4
2023-01-31	CVE-2022-40258	AMI Megarac Weak password hashes for Redfish & API network low complexity CWE-916	5.3
2023-01-31	CVE-2022-44897	Cross-site Scripting vulnerability in Apollotheme AP Pagebuilder 2.4.4 A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuilder component through 2.4.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the show_number parameter. network low complexity apollotheme CWE-79	6.1

Vulnerabilities > Medium {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Medium"}]}

Vulnerabilities > Medium