Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42352 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
|
|||||
| CVE-2022-42350 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
|
|||||
| CVE-2022-42349 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
|
|||||
| CVE-2022-42348 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
|
|||||
| CVE-2022-42346 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
|
|||||
| CVE-2022-42345 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
|
|||||
| CVE-2022-42247 | 1 Pfsense | 1 Pfsense | 2024-11-21 | N/A | 6.1 MEDIUM |
|
pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name.
|
|||||
| CVE-2022-42001 | 1 Hallowelt | 1 Bluespice | 2024-11-21 | N/A | 3.3 LOW |
|
Cross-site Scripting (XSS) vulnerability in the BlueSpiceBookshelf extension of BlueSpice allows a user with a regular account and edit permissions to inject arbitrary HTML into the book navigation.
|
|||||
| CVE-2022-42000 | 1 Hallowelt | 1 Bluespice | 2024-11-21 | N/A | 3.3 LOW |
|
Cross-site Scripting (XSS) vulnerability in the BlueSpiceSocialProfile extension of BlueSpice allows a user with comment permissions to inject arbitrary HTML into the comment section of a wikipage.
|
|||||
| CVE-2022-41980 | 1 Webartesanal | 1 Mantenimiento Web | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimiento web plugin <= 0.13 on WordPress.
|
|||||
| CVE-2022-41947 | 1 Dhis2 | 1 Dhis 2 | 2024-11-21 | N/A | 5.4 MEDIUM |
|
DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded JavaScript. The user could then potentially trick another authenticated user into opening the malicious file in a browser, which would trigger the JavaScript code, resulting in a cross-site scripting (XSS) attack. DHIS2 administrators should upgrade to the following hotfix release ...
|
|||||
| CVE-2022-41941 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 6.2 MEDIUM |
|
GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6, are subject to Cross-site Scripting. An administrator may store malicious code in help links. This issue is patched in 10.0.6.
|
|||||
| CVE-2022-41938 | 1 Flarum | 1 Flarum | 2024-11-21 | N/A | 9.0 CRITICAL |
|
Flarum is an open source discussion platform. Flarum's page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after `v1.5` and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title input, either by creating a new discussion or renaming one. The XSS attack occurs after a visitor opens the relevant discussion page. All communities running Flarum from `v1.5.0` to `v1.6.1` are impacted. ...
|
|||||
| CVE-2022-41905 | 1 Wsgidav Project | 1 Wsgidav | 2024-11-21 | N/A | 8.2 HIGH |
|
WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched; users can upgrade to version 4.1.0. As a workaround, set `dir_browser.enable = False` in the configuration.
|
|||||
| CVE-2022-41831 | 1 Wp Glossary Project | 1 Wp Glossary | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Auth. (contributor+) Cross-Site Scripting vulnerability in TCBarrett WP Glossary plugin <= 3.1.2 versions.
|
|||||
| CVE-2022-41814 | 1 Hallowelt | 1 Bluespice | 2024-11-21 | N/A | 3.3 LOW |
|
Cross-site Scripting (XSS) vulnerability in the BlueSpiceFoundation extension of BlueSpice allows a user with a regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage.
|
|||||
| CVE-2022-41789 | 1 Hallowelt | 1 Bluespice | 2024-11-21 | N/A | 3.3 LOW |
|
Cross-site Scripting (XSS) vulnerability in the BlueSpiceDiscovery skin of BlueSpice allows a logged-in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage.
|
|||||
| CVE-2022-41788 | 1 Pencidesign | 1 Soledad | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress.
|
|||||
| CVE-2022-41785 | 1 Robogallery | 1 Gallery Images Ape | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Galleryape Gallery Images Ape plugin <= 2.2.8 versions.
|
|||||
| CVE-2022-41762 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-11-21 | N/A | 6.1 MEDIUM |
|
An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl.
|
|||||
| CVE-2022-41735 | 1 Ibm | 1 Business Automation Workflow | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2, and 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687.
|
|||||
| CVE-2022-41702 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.7 HIGH |
|
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API.
|
|||||
| CVE-2022-41701 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.7 HIGH |
|
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API.
|
|||||
| CVE-2022-41679 | 1 Formalms | 1 Formalms | 2024-11-21 | N/A | 4.7 MEDIUM |
|
Forma LMS version 3.1.0 and earlier are affected by a Cross-Site Scripting vulnerability that could allow a remote attacker to inject JavaScript code into the “back_url” parameter in the appLms/index.php?modname=faq&op=play function. The exploitation of this vulnerability could allow an attacker to steal the user's cookies in order to log in to the application.
|
|||||
| CVE-2022-41676 | 1 Raidenmaild | 1 Raidenmaild | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Raiden MAILD Mail Server website mail field has insufficient filtering for user input. A remote attacker with general user privileges can send email using the website with malicious JavaScript in the input field, which triggers an XSS (Reflected Cross-Site Scripting) attack against the mail recipient.
|
|||||
| CVE-2022-41651 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.7 HIGH |
|
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API.
|
|||||
| CVE-2022-41643 | 1 Accessibility Project | 1 Accessibility | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Accessibility plugin <= 1.0.3 on WordPress.
|
|||||
| CVE-2022-41640 | 1 Rymera | 1 Wholesale Suite | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Rymera Web Co Wholesale Suite plugin <= 2.1.5 versions.
|
|||||
| CVE-2022-41638 | 1 Chop-chop | 1 Pop-up Chop Chop | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin <= 2.1.7 on WordPress.
|
|||||
| CVE-2022-41615 | 1 Agilelogix | 1 Store Locator | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress.
|
|||||
| CVE-2022-41612 | 1 Shareaholic | 1 Similar Posts | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shareaholic Similar Posts plugin <= 3.1.6 versions.
|
|||||
| CVE-2022-41611 | 1 Hallowelt | 1 Bluespice | 2024-11-21 | N/A | 2.3 LOW |
|
Cross-site Scripting (XSS) vulnerability in the BlueSpiceDiscovery skin of BlueSpice allows a user with admin privileges to inject arbitrary HTML into the main navigation of the application.
|
|||||
| CVE-2022-41567 | 1 Tibco | 1 Businessconnect | 2024-11-21 | N/A | 7.3 HIGH |
|
The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.
|
|||||
| CVE-2022-41566 | 1 Tibco | 1 Ebx Add-ons | 2024-11-21 | N/A | 8.7 HIGH |
|
The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.6.0 and below.
|
|||||
| CVE-2022-41565 | 1 Tibco | 2 Ebx, Product And Service Catalog Powered By Tibco Ebx | 2024-11-21 | N/A | 8.7 HIGH |
|
The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.21 and below, versions 6.0.11 and below and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 1.2.0 and below.
|
|||||
| CVE-2022-41563 | 1 Tibco | 1 Jasperreports Server | 2024-11-21 | N/A | 9.0 CRITICAL |
|
The Dashboard component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on t ...
|
|||||
| CVE-2022-41562 | 1 Tibco | 1 Jasperreports Server | 2024-11-21 | N/A | 8.4 HIGH |
|
The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with n ...
|
|||||
| CVE-2022-41555 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.7 HIGH |
|
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API.
|
|||||
| CVE-2022-41554 | 1 Slideshow Se Project | 1 Slideshow Se | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow SE plugin <= 2.5.5 versions.
|
|||||
| CVE-2022-41442 | 1 Picuploader Project | 1 Picuploader | 2024-11-21 | N/A | 6.1 MEDIUM |
|
PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the setStorageParams function in SettingController.php.
|
|||||