Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3673 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the file /php-sms/classes/Master.php. The manipulation of the argument message leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-212016.
|
|||||
| CVE-2022-3672 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability, which was classified as problematic, has been found in SourceCodester Sanitization Management System 1.0. This issue affects some unknown processing of the file /php-sms/classes/SystemSettings.php. The manipulation of the argument name/shortname leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-212015.
|
|||||
| CVE-2022-3608 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 8.4 HIGH |
|
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha.
|
|||||
| CVE-2022-3587 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component My Account. The manipulation of the argument First Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211201 was assigned to this vulnerability.
|
|||||
| CVE-2022-3581 | 1 Oretnom23 | 1 Cashier Queuing System | 2024-11-21 | N/A | 2.4 LOW |
|
A vulnerability, which was classified as problematic, was found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the component Cashiers Tab. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-211188.
|
|||||
| CVE-2022-3580 | 1 Oretnom23 | 1 Cashier Queuing System | 2024-11-21 | N/A | 2.4 LOW |
|
A vulnerability, which was classified as problematic, has been found in SourceCodester Cashier Queuing System 1.0.1. This issue affects some unknown processing of the component User Creation Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-211187.
|
|||||
| CVE-2022-3562 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
|
|||||
| CVE-2022-3548 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2024-11-21 | N/A | 2.4 LOW |
|
A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Add New Storage Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-211048.
|
|||||
| CVE-2022-3547 | 1 Simple Cold Storage Management System Project | 1 Simple Cold Storage Management System | 2024-11-21 | N/A | 2.4 LOW |
|
A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /csms/admin/?page=system_info of the component Setting Handler. The manipulation of the argument System Name/System Short Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-211047.
|
|||||
| CVE-2022-3546 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2024-11-21 | N/A | 2.4 LOW |
|
A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /csms/admin/?page=user/list of the component Create User Handler. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-211046 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2022-3516 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
|
|||||
| CVE-2022-3506 | 1 Never5 | 1 Related Posts | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3.
|
|||||
| CVE-2022-3505 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability was found in SourceCodester Sanitization Management System. It has been classified as problematic. Affected is an unknown function of the file /php-sms/admin/. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210840.
|
|||||
| CVE-2022-3502 | 1 Oretnom23 | 1 Human Resource Management System | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability was found in Human Resource Management System 1.0. It has been classified as problematic. This affects an unknown part of the component Leave Handler. The manipulation of the argument Reason leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210831.
|
|||||
| CVE-2022-3497 | 1 Oretnom23 | 1 Human Resource Management System | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It is possible to launch the attack remotely. VDB-210786 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2022-3493 | 1 Oretnom23 | 1 Human Resource Management System | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability, which was classified as problematic, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the component Add Employee Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-210773 was assigned to this vulnerability.
|
|||||
| CVE-2022-3464 | 1 Puppycms | 1 Puppycms | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A vulnerability classified as problematic has been found in puppyCMS up to 5.1. This affects an unknown part of the file /admin/settings.php. The manipulation of the argument site_name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-210699.
|
|||||
| CVE-2022-3442 | 1 Crealogix | 1 Ebics Server | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability was found in Crealogix EBICS 7.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /ebics-server/ebics.aspx. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-210374 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2022-3434 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been rated as problematic. Affected by this issue is the function prepare of the file /Admin/add-student.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210356.
|
|||||
| CVE-2022-3355 | 1 Inventree Project | 1 Inventree | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3.
|
|||||
| CVE-2022-3339 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO.
|
|||||
| CVE-2022-3255 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A | 4.8 MEDIUM |
|
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.
|
|||||
| CVE-2022-3245 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A | 6.1 MEDIUM |
|
HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.
|
|||||
| CVE-2022-3242 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Code Injection in GitHub repository microweber/microweber prior to 1.3.2.
|
|||||
| CVE-2022-3231 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0.
|
|||||
| CVE-2022-3223 | 1 Diagrams | 1 Drawio | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.3.1.
|
|||||
| CVE-2022-3220 | 1 Webgilde | 1 Advanced Comment Form | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The Advanced Comment Form WordPress plugin before 1.2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
|
|||||
| CVE-2022-3211 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6.
|
|||||
| CVE-2022-3209 | 1 Pencidesign | 1 Soledad | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The soledad WordPress theme before 8.2.5 does not sanitise the {id,datafilter[type],...} parameters in its penci_more_slist_post_ajax AJAX action, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.
|
|||||
| CVE-2022-3207 | 1 Simplefilelist | 1 Simple-file-list | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The Simple File List WordPress plugin before 4.4.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
|
|||||
| CVE-2022-3205 | 1 Redhat | 1 Ansible Automation Platform | 2024-11-21 | N/A | 4.6 MEDIUM |
|
Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection
|
|||||
| CVE-2022-3148 | 1 Diagrams | 1 Drawio | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0.
|
|||||
| CVE-2022-3138 | 1 Diagrams | 1 Drawio | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0.
|
|||||
| CVE-2022-3137 | 1 Taskbuilder | 1 Taskbuilder | 2024-11-21 | N/A | 5.4 MEDIUM |
|
The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user (such as subscriber) creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file
|
|||||
| CVE-2022-3136 | 1 Wpsocialrocket | 1 Social Rocket | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
|
|||||
| CVE-2022-3132 | 1 Goolytics Project | 1 Goolytics | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The Goolytics WordPress plugin before 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
|
|||||
| CVE-2022-3128 | 1 Donation Thermometer Project | 1 Donation Thermometer | 2024-11-21 | N/A | 4.8 MEDIUM |
|
The Donation Thermometer WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
|
|||||
| CVE-2022-3127 | 1 Diagrams | 1 Drawio | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.2.8.
|
|||||
| CVE-2022-3123 | 2 Dokuwiki, Fedoraproject | 2 Dokuwiki, Fedora | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a.
|
|||||
| CVE-2022-3073 | 1 Weidmueller | 18 19 Iot Md01 Lan H4 S0011, 19 Iot Md01 Lan H4 S0011 Firmware, Fp Iot Md01 4eu S2 00000 and 15 more | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is '*-schema.js'.
|
|||||