Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-46771 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | N/A | 4.6 MEDIUM | IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 242273. |
| CVE-2022-46733 | 1 Sewio | 1 Real-time Location System Studio | 2024-11-21 | N/A | 6.3 MEDIUM | Sewio's Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site scripting in its backup services. An attacker could take advantage of this vulnerability to execute arbitrary commands. |
| CVE-2022-46670 | 1 Rockwellautomation | 10 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 7 more | 2024-11-21 | N/A | 7.1 HIGH | A security researcher from the Georgia Institute of Technology made Rockwell Automation aware that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website. |
| CVE-2022-46389 | 1 Servicenow | 1 Servicenow | 2024-11-21 | N/A | 6.1 MEDIUM | There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser-based web console. |
| CVE-2022-46369 | 1 Maxum | 1 Rumpus | 2024-11-21 | N/A | 6.8 MEDIUM | Rumpus FTP server version 9.0.7.1 has a persistent cross-site scripting (PXSS) vulnerability that may allow inserting scripts into unspecified input fields. |
| CVE-2022-46332 | 1 Proofpoint | 1 Enterprise Protection | 2024-11-21 | N/A | 9.6 CRITICAL | The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface. This affects all versions 8.19.0 and below. |
| CVE-2022-46181 | 1 Gotify | 1 Server | 2024-11-21 | N/A | 6.1 MEDIUM | Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts **if** another user opened a link. The attacker could potentially take over the account of the user that clicked the link. The Gotify UI won't natively expose such a malicious link, so an attacker has to get the user to open the malicious link in a c ... |
| CVE-2022-46180 | 1 Discourse | 1 Mermaid | 2024-11-21 | N/A | 5.0 MEDIUM | Discourse Mermaid (discourse-mermaid-theme-component) allows users of Discourse, open-source forum software, to create graphs using the Mermaid syntax. Users of discourse-mermaid-theme-component version 1.0.0 who can create posts are able to inject arbitrary HTML on that post. The issue has been fixed on the `main` branch of the GitHub repository, with 1.1.0 named as a patched version. Admins can update the theme component through the admin UI. As a workaround, admins can temporarily disable dis ... |
| CVE-2022-46165 | 1 Syncthing | 1 Syncthing | 2024-11-21 | N/A | 4.6 MEDIUM | Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and moves the mouse over the latest sync, a script could be executed to change settings for shared folders or add devices automatically. Additionally adding a new device with a malicious name could embed HT ... |
| CVE-2022-46162 | 1 Discourse | 1 Discourse Bbcode | 2024-11-21 | N/A | 8.8 HIGH | discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bbcode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patched in commit 91478f5. As a workaround, ensure that the Content Security Policy is enabled and monitor any posts that contain bbcode. |
| CVE-2022-46151 | 1 Pinterest | 1 Querybook | 2024-11-21 | N/A | 6.3 MEDIUM | Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in `querybook/server/app/auth/oauth_auth.py` and `querybook/server/app/auth/okta_auth.py`. This may allow attackers to perform reflected cross site scripting (XSS) if Content Security Policy (CSP) is not enabled or `unsafe-inline` is allowed. Users are advised to upgrade to the latest, patched version of querybook (version 3.14.2 or greater). Users unab ... |
| CVE-2022-46148 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 7.1 HIGH | Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the `stable` branch and versions 2.9.0.beta11 and prior on the `beta` and `tests-passed` branches, users composing malicious messages and navigating to the drafts page could self-XSS. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse's default Content Security Policy. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. |
| CVE-2022-46147 | 1 Openedx | 1 Xblock-drag-and-drop-v2 | 2024-11-21 | N/A | 8.4 HIGH | Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Versions prior to 3.0.0 are vulnerable to cross-site scripting in multiple XBlock Fields. Any platform that has deployed the XBlock may be impacted. Version 3.0.0 contains a patch for this issue. There are no known workarounds. |
| CVE-2022-45849 | 1 Colorlib | 1 Activello Theme | 2024-11-21 | N/A | 5.4 MEDIUM | Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions. |
| CVE-2022-45848 | 1 Contest-gallery | 1 Contest Gallery | 2024-11-21 | N/A | 6.1 MEDIUM | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 13.1.0.9 on WordPress. |
| CVE-2022-45843 | 1 Nextendweb | 1 Smart Slider 3 | 2024-11-21 | N/A | 5.4 MEDIUM | Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Nextend Smart Slider 3 plugin <= 3.5.1.9 versions. |
| CVE-2022-45839 | 1 Webhelpagency | 1 Wha Puzzle | 2024-11-21 | N/A | 5.4 MEDIUM | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA WHA Puzzle plugin <= 1.0.9 versions. |
| CVE-2022-45838 | 1 Reputeinfosystems | 1 Arforms Form Builder | 2024-11-21 | N/A | 6.1 MEDIUM | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARForms Form Builder plugin <= 1.5.5 versions. |
| CVE-2022-45837 | 1 Wpjam | 1 Wechat Robot | 2024-11-21 | N/A | 7.1 HIGH | Reflected Cross-Site Scripting (XSS) vulnerability in Denis 微信机器人高级版 plugin <= 6.0.1 versions. |
| CVE-2022-45831 | 1 Oxilab | 1 Image Hover Effects For Elementor With Lightbox And Flipbox | 2024-11-21 | N/A | 7.1 HIGH | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in biplob018 Image Hover Effects for Elementor with Lightbox and Flipbox plugin <= 2.8 versions. |
| CVE-2022-45827 | 1 Galleryplugins | 1 Video Contest | 2024-11-21 | N/A | 5.9 MEDIUM | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GalleryPlugins Video Contest plugin <= 3.2 versions. |
| CVE-2022-45825 | 1 Liquidweb | 1 Wpcomplete | 2024-11-21 | N/A | 7.1 HIGH | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in iThemes WPComplete plugin <= 2.9.2 versions. |
| CVE-2022-45821 | 1 Nootheme | 1 Noo Timetable | 2024-11-21 | N/A | 6.5 MEDIUM | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NooTheme Noo Timetable plugin <= 2.1.3 versions. |
| CVE-2022-45818 | 1 Essentialplugin | 1 Hero Banner Ultimate | 2024-11-21 | N/A | 6.5 MEDIUM | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP OnlineSupport, Essential Plugin Hero Banner Ultimate plugin <= 1.3.4 versions. |
| CVE-2022-45817 | 1 Gc Testimonials Project | 1 Gc Testimonials | 2024-11-21 | N/A | 5.4 MEDIUM | Cross-Site Scripting (XSS) vulnerability in Erin Garscadden GC Testimonials plugin <= 1.3.2 versions. |
| CVE-2022-45816 | 1 Dev4press | 1 Gd Bbpress Attachments | 2024-11-21 | N/A | 4.8 MEDIUM | Auth. Stored Cross-Site Scripting (XSS) vulnerability in GD bbPress Attachments plugin <= 4.3.1 on WordPress. |
| CVE-2022-45814 | 1 Wp Calendar Project | 1 Wp Calendar | 2024-11-21 | N/A | 5.4 MEDIUM | Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Allmen WP Calendar plugin <= 1.5.3 versions. |
| CVE-2022-45812 | 1 Exxp Project | 1 Exxp | 2024-11-21 | N/A | 6.5 MEDIUM | Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Lees Exxp plugin <= 2.6.8 versions. |
| CVE-2022-45722 | 1 Gzwhir | 1 Ezeip | 2024-11-21 | N/A | 6.1 MEDIUM | ezEIP v5.3.0(0649) was discovered to contain a cross-site scripting (XSS) vulnerability. |
| CVE-2022-45448 | 1 Prestashop | 1 M4 Pdf | 2024-11-21 | N/A | 3.5 LOW | M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed document with a message in mpdf format. An attacker could exploit this vulnerability by inputting a valid HTML/CSS document as the value of the parameter. |
| CVE-2022-45437 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 6.5 MEDIUM | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms allows Cross-Site Scripting (XSS). A user with editing privileges can create a payload in the reporting dashboard module. An admin user observes the payload without interaction, and the attacker can obtain information. |
| CVE-2022-45436 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 6.1 MEDIUM | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms allows Cross-Site Scripting (XSS). A user with manager privileges can create a network map whose name contains an XSS payload. Once it is created, the payload executes when an admin user clicks edit on the network maps, which could be used to steal the admin user's cookie value. |
| CVE-2022-45375 | 1 Cyberchimps | 1 Ifeature Slider | 2024-11-21 | N/A | 5.4 MEDIUM | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slider plugin <= 1.2 on WordPress. |
| CVE-2022-45366 | 1 Wp-slimstat | 1 Slimstat Analytics | 2024-11-21 | N/A | 7.1 HIGH | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin <= 5.0.4 versions. |
| CVE-2022-45365 | 1 Urosevic | 1 Stock Ticker | 2024-11-21 | N/A | 7.1 HIGH | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Stock Ticker allows Reflected XSS. This issue affects Stock Ticker: from n/a through 3.23.2. |
| CVE-2022-45363 | 1 Muffingroup | 1 Betheme | 2024-11-21 | N/A | 5.4 MEDIUM | Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup Betheme theme <= 26.6.1 on WordPress. |
| CVE-2022-45361 | 1 0mk Shortener Project | 1 0mk Shortener | 2024-11-21 | N/A | 5.9 MEDIUM | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Boris Kuzmanov 0mk Shortener plugin <= 0.2 versions. |
| CVE-2022-45358 | 1 Colorlib | 1 Activello | 2024-11-21 | N/A | 5.4 MEDIUM | Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions. |
| CVE-2022-45218 | 1 Oretnom23 | 1 Human Resource Management System | 2024-11-21 | N/A | 6.1 MEDIUM | Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message. |
| CVE-2022-45176 | 1 Liveboxcloud | 1 Vdesk | 2024-11-21 | N/A | 5.4 MEDIUM | An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting (XSS) can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application (through its vShare functionality section) doesn't properly check parameters sent as input in HTTP requests before saving them on the server. In addition, crafted JavaScript content can then be reflected back to the end user and executed by the web browser. |