Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41392 | 1 Totaljs | 1 Total.js | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings.
|
|||||
| CVE-2022-41336 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | N/A | 6.8 MEDIUM |
|
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal versions 6.0.0 through 6.0.11 and all versions of 5.3, 5.2, 5.1, 5.0 management interface may allow a remote authenticated attacker to perform a stored cross site scripting (XSS) attack via sending request with specially crafted columnindex parameter.
|
|||||
| CVE-2022-41334 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A | 8.8 HIGH |
|
An improper neutralization of input during web page generation [CWE-79] vulnerability in FortiOS versions 7.0.0 to 7.0.7 and 7.2.0 to 7.2.3 may allow a remote, unauthenticated attacker to launch a cross site scripting (XSS) attack via the "redir" parameter of the URL seen when the "Sign in with FortiCloud" button is clicked.
|
|||||
| CVE-2022-41330 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | N/A | 8.8 HIGH |
|
An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9, version 6.4.0 through 6.4.11 and before 6.2.12 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.
|
|||||
| CVE-2022-41315 | 1 Ezoic | 1 Ezoic | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic plugin <= 2.8.8 on WordPress.
|
|||||
| CVE-2022-41266 | 1 Sap | 1 Commerce Webservices 2.0 | 2024-11-21 | N/A | 8.0 HIGH |
|
Due to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) - versions 1905, 2005, 2105, 2011, 2205, allows malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a DOM Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to steal user tokens and achieve a full account takeover including access to administrative tools in SAP Commerce.
|
|||||
| CVE-2022-41262 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. On successful exploitation, an attacker can view or modify information causing a limited impact on the confidentiality and integrity of the application.
|
|||||
| CVE-2022-41260 | 1 Sap | 1 Financial Consolidation | 2024-11-21 | N/A | 6.1 MEDIUM |
|
SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
|
|||||
| CVE-2022-41258 | 1 Sap | 1 Financial Consolidation | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality, integrity and availability of the application.
|
|||||
| CVE-2022-41208 | 1 Sap | 1 Financial Consolidation | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. On successful exploitation, the attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application.
|
|||||
| CVE-2022-41136 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress.
|
|||||
| CVE-2022-41132 | 1 Ezoic | 1 Ezoic | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress.
|
|||||
| CVE-2022-40968 | 1 2kblater | 1 2kb Amazon Affiliates Store | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Reflected Cross-Site Scripting (XSS) vulnerability in 2kb Amazon Affiliates Store plugin <=2.1.5 on WordPress.
|
|||||
| CVE-2022-40965 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.7 HIGH |
|
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API.
|
|||||
| CVE-2022-40963 | 1 Themeum | 1 Wp Page Builder | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabilities in WP Page Builder plugin <= 1.2.6 on WordPress.
|
|||||
| CVE-2022-40778 | 1 Opswat | 1 Metadefender | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response.
|
|||||
| CVE-2022-40753 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236688.
|
|||||
| CVE-2022-40750 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588.
|
|||||
| CVE-2022-40744 | 1 Ibm | 1 Aspera Faspex | 2024-11-21 | N/A | 4.8 MEDIUM |
|
IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441.
|
|||||
| CVE-2022-40739 | 1 Ragic | 1 Ragic | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Ragic report generation page has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript to perform XSS (Reflected Cross-Site Scripting) attack.
|
|||||
| CVE-2022-40714 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | N/A | 6.1 MEDIUM |
|
An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/* endpoints.
|
|||||
| CVE-2022-40699 | 1 Yasr - Yet Another Stars Rating Project | 1 Yasr - Yet Another Stars Rating | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in Dario Curvino Yasr – Yet Another Stars Rating plugin <= 3.1.2 versions.
|
|||||
| CVE-2022-40698 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
|
|||||
| CVE-2022-40697 | 1 3commarketing | 1 3com-asesor-de-cookies | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 3com – Asesor de Cookies para normativa española plugin <= 3.4.3 versions.
|
|||||
| CVE-2022-40694 | 1 Storeapps | 1 News Announcement Scroll | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News Announcement Scroll plugin <= 8.8.8 on WordPress.
|
|||||
| CVE-2022-40680 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A | 4.0 MEDIUM |
|
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiOS 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9 and 7.0.0 - 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages.
|
|||||
| CVE-2022-40676 | 1 Fortinet | 1 Fortinac | 2024-11-21 | N/A | 7.5 HIGH |
|
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.
|
|||||
| CVE-2022-40672 | 1 Wpchill | 1 Cpo Shortcodes | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CPO Shortcodes plugin <= 1.5.0 at WordPress.
|
|||||
| CVE-2022-40631 | 1 Siemens | 60 Scalance X200-4p Irt, Scalance X200-4p Irt Firmware, Scalance X201-3p Irt and 57 more | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202-2P IRT PRO (All versions < V5.5.0), SCALANCE X204-2 (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALAN ...
|
|||||
| CVE-2022-40626 | 2 Fedoraproject, Zabbix | 2 Fedora, Zabbix | 2024-11-21 | N/A | 4.8 MEDIUM |
|
An unauthenticated user can create a link with reflected JavaScript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.
|
|||||
| CVE-2022-40603 | 1 Zyxel | 38 Atp100, Atp100 Firmware, Atp100w and 35 more | 2024-11-21 | N/A | 4.7 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victim’s br ...
|
|||||
| CVE-2022-40440 | 1 Jgraph | 1 Mxgraph | 2024-11-21 | N/A | 6.1 MEDIUM |
|
mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the setTooltips() function.
|
|||||
| CVE-2022-40365 | 1 Gocron Project | 1 Gocron | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5.3, allows attackers to execute arbitrary code via scope.row.hostname in web/vue/src/pages/taskLog/list.vue.
|
|||||
| CVE-2022-40325 | 1 Sysaid | 1 Help Desk | 2024-11-21 | N/A | 6.1 MEDIUM |
|
SysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, aka FR# 67262.
|
|||||
| CVE-2022-40324 | 1 Sysaid | 1 Help Desk | 2024-11-21 | N/A | 6.1 MEDIUM |
|
SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR# 67258.
|
|||||
| CVE-2022-40323 | 1 Sysaid | 1 Help Desk | 2024-11-21 | N/A | 6.1 MEDIUM |
|
SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241.
|
|||||
| CVE-2022-40322 | 1 Sysaid | 1 Help Desk | 2024-11-21 | N/A | 6.1 MEDIUM |
|
SysAid Help Desk before 22.1.65 allows XSS, aka FR# 66542 and 65579.
|
|||||
| CVE-2022-40317 | 1 Openkm | 1 Openkm | 2024-11-21 | N/A | 5.4 MEDIUM |
|
OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element.
|
|||||
| CVE-2022-40311 | 1 Fatcatapps | 1 Analytics Cat | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress.
|
|||||
| CVE-2022-40257 | 1 Cert | 1 Vince | 2024-11-21 | N/A | 5.4 MEDIUM |
|
An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field.
|
|||||