Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4740 | 1 Keking | 1 Kkfileview | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability, which was classified as problematic, has been found in kkFileView. Affected by this issue is the function setWatermarkAttribute of the file /picturesPreview. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216776.
|
|||||
| CVE-2022-4738 | 1 Blood Bank Management System Project | 1 Blood Bank Management System | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A vulnerability classified as problematic has been found in SourceCodester Blood Bank Management System 1.0. Affected is an unknown function of the file index.php?page=users of the component User Registration Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-216774 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2022-4736 | 1 Venganzasdelpasado | 1 Venganzas Del Pasado | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability was found in Venganzas del Pasado and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument the_title leads to cross site scripting. The attack may be launched remotely. The name of the patch is 62339b2ec445692c710b804bdf07aef4bd247ff7. It is recommended to apply a patch to fix this issue. VDB-216770 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2022-4735 | 1 Dash-live Project | 1 Dash-live | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability classified as problematic was found in asrashley dash-live. This vulnerability affects the function ready of the file static/js/media.js of the component DOM Node Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 24d01757a5319cc14c4aa1d8b53d1ab24d48e451. It is recommended to apply a patch to fix this issue. VDB-216766 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2022-4733 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.
|
|||||
| CVE-2022-4731 | 1 Myapnea | 1 Myapnea | 2024-11-21 | N/A | 2.4 LOW |
|
A vulnerability, which was classified as problematic, was found in myapnea up to 29.0.x. Affected is an unknown function of the component Title Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 29.1.0 is able to address this issue. The name of the patch is 99934258530d761bd5d09809bfa6c14b598f8d18. It is recommended to upgrade the affected component. VDB-216750 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2022-4730 | 1 Graphite Project | 1 Graphite | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability was found in Graphite Web. It has been classified as problematic. Affected is an unknown function of the component Absolute Time Range Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216744.
|
|||||
| CVE-2022-4729 | 1 Graphite Project | 1 Graphite | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability was found in Graphite Web and classified as problematic. This issue affects some unknown processing of the component Template Name Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216743.
|
|||||
| CVE-2022-4728 | 1 Graphite Project | 1 Graphite | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability has been found in Graphite Web and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. VDB-216742 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2022-4727 | 1 Openmrs | 1 Appointment Scheduling Module | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in OpenMRS Appointment Scheduling Module up to 1.16.x. This affects the function getNotes of the file api/src/main/java/org/openmrs/module/appointmentscheduling/AppointmentRequest.java of the component Notes Handler. The manipulation of the argument notes leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.17.0 is able to address this issue. The name of the patch is 2ccbe39c020809765 ...
|
|||||
| CVE-2022-4712 | 1 Cerber | 1 Wp Cerber Security, Anti-spam & Malware Scan | 2024-11-21 | N/A | 7.2 HIGH |
|
The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2022-4695 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
|
|||||
| CVE-2022-4694 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
|
|||||
| CVE-2022-4692 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
|
|||||
| CVE-2022-4691 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
|
|||||
| CVE-2022-4690 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
|
|||||
| CVE-2022-4663 | 1 Youngtechleads | 1 Members Import | 2024-11-21 | N/A | 5.5 MEDIUM |
|
The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the user_login parameter in an imported CSV file in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a site's administrator into uploading a CSV file with the malicious payload.
|
|||||
| CVE-2022-4647 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.
|
|||||
| CVE-2022-4642 | 1 Tatoeba | 1 Tatoeba2 | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability was found in tatoeba2. It has been classified as problematic. This affects an unknown part of the component Profile Name Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version prod_2022-10-30 is able to address this issue. The name of the patch is 91110777fc8ddf1b4a2cf4e66e67db69b9700361. It is recommended to upgrade the affected component. The iden ...
|
|||||
| CVE-2022-4638 | 1 Collective.contact.widget Project | 1 Collective.contact.widget | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. This vulnerability affects the function title of the file src/collective/contact/widget/widgets.py. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 5da36305ca7ed433782be8901c47387406fcda12. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216496.
|
|||||
| CVE-2022-4637 | 1 Ep-3bookingsystem | 1 Ep-3 Bookingsystem | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability classified as problematic has been found in ep3-bs up to 1.7.x. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.8.0 is able to address this issue. The name of the patch is ef49e709c8adecc3a83cdc6164a67162991d2213. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216495.
|
|||||
| CVE-2022-4632 | 1 Auto Upload Images Project | 1 Auto Upload Images | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability has been found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.3.1 is able to address this issue. The name of the patch is 895770ee93887ec78429c78ffdfb865bee6f9436. It is recommended to upgrade the affected component. The identifier VDB-216481 was assigned to this vulnerability.
|
|||||
| CVE-2022-4631 | 1 Wp-ban Project | 1 Wp-ban | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in WP-Ban. Affected is an unknown function of the file ban-options.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 22b925449c84faa9b7496abe4f8f5661cb5eb3bf. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216480.
|
|||||
| CVE-2022-4617 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.
|
|||||
| CVE-2022-4615 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
|
|||||
| CVE-2022-4614 | 1 Znote | 1 Znote | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository alagrede/znote-app prior to 1.7.11.
|
|||||
| CVE-2022-4609 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
|
|||||
| CVE-2022-4605 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
|
|||||
| CVE-2022-4602 | 1 Shoplazza | 1 Lifestyle | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability was found in Shoplazza LifeStyle 1.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/api/theme-edit/ of the component Review Flow Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-216197 was assigned to this vulnerability.
|
|||||
| CVE-2022-4601 | 1 Shoplazza | 1 Lifestyle | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability was found in Shoplazza LifeStyle 1.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/api/theme-edit/ of the component Shipping/Member Discount/Icon. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216196.
|
|||||
| CVE-2022-4600 | 1 Shoplazza | 1 Lifestyle | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability was found in Shoplazza LifeStyle 1.1. It has been classified as problematic. This affects an unknown part of the file /admin/api/theme-edit/ of the component Product Carousel Handler. The manipulation of the argument Heading/Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-216195.
|
|||||
| CVE-2022-4599 | 1 Shoplazza | 1 Lifestyle | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability was found in Shoplazza LifeStyle 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/api/theme-edit/ of the component Product Handler. The manipulation of the argument Subheading/Heading/Text/Button Text/Label leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-216194 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2022-4598 | 1 Shoplazza | 1 Lifestyle | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability has been found in Shoplazza LifeStyle 1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/api/theme-edit/ of the component Announcement Handler. The manipulation of the argument Text/Mobile Text leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-216193 was assigned to this vulnerability.
|
|||||
| CVE-2022-4597 | 1 Shoplazza | 1 Lifestyle | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in Shoplazza LifeStyle 1.1. Affected is an unknown function of the file /admin/api/admin/v2_products of the component Create Product Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216192.
|
|||||
| CVE-2022-4593 | 1 Retra-system Project | 1 Retra-system | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability was found in retra-system. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a6d94ab88f4a6f631a14c59b72461140fb57ae1f. It is recommended to apply a patch to fix this issue. VDB-216186 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2022-4591 | 1 Toto Project | 1 Toto | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability was found in mschaef toto up to 1.4.20. It has been declared as problematic. This vulnerability affects unknown code of the component Email Parameter Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.4.21 is able to address this issue. The name of the patch is 1f27f37c1a06f54a76971f70eaa6139dc139bdf9. It is recommended to upgrade the affected component. VDB-216178 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2022-4590 | 1 Toto Project | 1 Toto | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability was found in mschaef toto up to 1.4.20. It has been classified as problematic. This affects an unknown part of the component Todo List Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.4.21 is able to address this issue. The name of the patch is fdc825ac5249f40683377e8a526a06cdc6870125. It is recommended to upgrade the affected component. The identifier VDB-216177 was assigned to this vulnerability.
|
|||||
| CVE-2022-4588 | 1 Bostonsleep | 1 Slice | 2024-11-21 | N/A | 2.4 LOW |
|
A vulnerability, which was classified as problematic, was found in Boston Sleep slice up to 84.1.x. Affected is an unknown function of the component Layout Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 84.2.0 is able to address this issue. The name of the patch is 6523bb17d889e2ab13d767f38afefdb37083f1d0. It is recommended to upgrade the affected component. VDB-216174 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2022-4587 | 1 Oc-server3 Project | 1 Oc-server3 | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, has been found in Opencaching Deutschland oc-server3. This issue affects some unknown processing of the file htdocs/templates2/ocstyle/login.tpl of the component Login Page. The manipulation of the argument username leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 3296ebd61e7fe49e93b5755d5d7766d6e94a7667. It is recommended to apply a patch to fix this issue. The identifier VDB-216173 was assigned t ...
|
|||||
| CVE-2022-4586 | 1 Oc-server3 Project | 1 Oc-server3 | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability classified as problematic was found in Opencaching Deutschland oc-server3. This vulnerability affects unknown code of the file htdocs/templates2/ocstyle/cachelists.tpl of the component Cachelist Handler. The manipulation of the argument name_filter/by_filter leads to cross site scripting. The attack can be initiated remotely. The name of the patch is a9f79c7da78cd24a7ef1d298e6bc86006972ea73. It is recommended to apply a patch to fix this issue. The identifier of this vulnerabilit ...
|
|||||