Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39160 | 1 Ibm | 1 Cognos Analytics | 2024-11-21 | N/A | 6.1 MEDIUM |
|
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 235064.
|
|||||
| CVE-2022-39054 | 1 Cowell Enterprise Travel Management System Project | 1 Cowell Enterprise Travel Management System | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cowell enterprise travel management system has insufficient filtering for special characters within web URL. An unauthenticated remote attacker can inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack.
|
|||||
| CVE-2022-39053 | 1 Heimavista | 1 Dark Horse Rpage | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Heimavista Rpage has insufficient filtering for platform web URL. An unauthenticated remote attacker can inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack.
|
|||||
| CVE-2022-39050 | 1 Otrs | 1 Otrs | 2024-11-21 | N/A | 4.6 MEDIUM |
|
An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external data sources e.g. database or ldap
|
|||||
| CVE-2022-39049 | 1 Otrs | 1 Otrs | 2024-11-21 | N/A | 3.5 LOW |
|
An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS.
|
|||||
| CVE-2022-39035 | 1 Lcnet | 1 Smart Evision | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Smart eVision has insufficient filtering for special characters in the POST Data parameter in the specific function. An unauthenticated remote attacker can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack.
|
|||||
| CVE-2022-39027 | 1 Edetw | 1 U-office Force | 2024-11-21 | N/A | 5.4 MEDIUM |
|
U-Office Force Forum function has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack.
|
|||||
| CVE-2022-39026 | 1 Edetw | 1 U-office Force | 2024-11-21 | N/A | 5.4 MEDIUM |
|
U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack.
|
|||||
| CVE-2022-39025 | 1 Edetw | 1 U-office Force | 2024-11-21 | N/A | 6.1 MEDIUM |
|
U-Office Force PrintMessage function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack.
|
|||||
| CVE-2022-39024 | 1 Edetw | 1 U-office Force | 2024-11-21 | N/A | 6.1 MEDIUM |
|
U-Office Force Bulletin function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack.
|
|||||
| CVE-2022-39020 | 1 Schoolbox | 1 Schoolbox | 2024-11-21 | N/A | 7.6 HIGH |
|
Multiple instances of XSS (stored and reflected) was found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting.
|
|||||
| CVE-2022-39017 | 1 M-files | 1 Hubshare | 2024-11-21 | N/A | 8.2 HIGH |
|
Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments.
|
|||||
| CVE-2022-39016 | 1 M-files | 1 Hubshare | 2024-11-21 | N/A | 8.2 HIGH |
|
Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload.
|
|||||
| CVE-2022-38972 | 1 Ark-web | 1 A-form | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for Movable Type 7 Series) and versions prior to 3.9.1 (for Movable Type 6 Series) allows a remote unauthenticated attacker to inject an arbitrary script.
|
|||||
| CVE-2022-38971 | 1 Themekraft | 1 Post Form Registration Form Profile Form For User Profiles And Content Forms | 2024-11-21 | N/A | 4.7 MEDIUM |
|
Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin <= 2.7.5 versions.
|
|||||
| CVE-2022-38845 | 1 Espocrm | 1 Espocrm | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser via sending crafted csv file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious JavaScripting in the browser.
|
|||||
| CVE-2022-38814 | 1 Fiberhome | 2 An5506-02-b, An5506-02-b Firmware | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in the auth_settings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfg_loid text field.
|
|||||
| CVE-2022-38790 | 1 Weave.works | 1 Gitops | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluster dashboard link. An annotation can be added to a GitopsCluster custom resource.
|
|||||
| CVE-2022-38758 | 1 Netiq | 1 Imanager | 2024-11-21 | N/A | 7.2 HIGH |
|
Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL.
|
|||||
| CVE-2022-38754 | 1 Microfocus | 2 Operations Bridge, Operations Bridge Manager | 2024-11-21 | N/A | 8.0 HIGH |
|
A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited ...
Show More |
|||||
| CVE-2022-38709 | 2 Ibm, Microsoft | 2 Robotic Process Automation For Cloud Pak, Windows | 2024-11-21 | N/A | 6.1 MEDIUM |
|
IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 234291.
|
|||||
| CVE-2022-38703 | 1 Maxfoundry | 1 Maxbuttons | 2024-11-21 | N/A | 3.4 LOW |
|
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Foundry Button Plugin MaxButtons plugin <= 9.2 at WordPress
|
|||||
| CVE-2022-38664 | 1 Jenkins | 1 Job Configuration History | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.
|
|||||
| CVE-2022-38653 | 1 Hcltech | 1 Digital Experience | 2024-11-21 | N/A | 2.0 LOW |
|
In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.
|
|||||
| CVE-2022-38639 | 1 Inkdrop | 1 Markdown Nice | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Markdown-Nice v1.8.22 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Community Posting field.
|
|||||
| CVE-2022-38545 | 1 Valine.js | 1 Valine | 2024-11-21 | N/A | 9.6 CRITICAL |
|
Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.
|
|||||
| CVE-2022-38467 | 1 Crmperks | 1 Crm Perks Forms | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder <= 1.1.0 ver.
|
|||||
| CVE-2022-38463 | 1 Servicenow | 1 Servicenow | 2024-11-21 | N/A | 6.1 MEDIUM |
|
ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.
|
|||||
| CVE-2022-38460 | 1 Notice Board Project | 1 Notice Board | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NOTICE BOARD plugin <= 1.1 at WordPress.
|
|||||
| CVE-2022-38439 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
|
|||||
| CVE-2022-38438 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
|
|||||
| CVE-2022-38390 | 1 Ibm | 1 Business Automation Workflow | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978.
|
|||||
| CVE-2022-38379 | 1 Fortinet | 1 Fortisoar | 2024-11-21 | N/A | 3.5 LOW |
|
Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR.
|
|||||
| CVE-2022-38376 | 1 Fortinet | 1 Fortinac | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to perform an XSS attack via crafted HTTP requests.
|
|||||
| CVE-2022-38374 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | N/A | 8.8 HIGH |
|
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event logviews.
|
|||||
| CVE-2022-38373 | 1 Fortinet | 1 Fortideceptor | 2024-11-21 | N/A | 8.0 HIGH |
|
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross site scripting (XSS) attack via sending requests with specially crafted lure resource ID.
|
|||||
| CVE-2022-38358 | 1 Eyeofnetwork | 1 Eyes Of Network Web | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/admin_notifiers/rules.php and /module/report_event/indext.php via the parameters rule_notification, rule_name, and rule_name_old, and at /module/admin_user/add_modify_user.php via the parameters user_name and user_email.
|
|||||
| CVE-2022-38339 | 1 Safe | 1 Fme Server | 2024-11-21 | N/A | 9.6 CRITICAL |
|
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page.
|
|||||
| CVE-2022-38295 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function.
|
|||||
| CVE-2022-38291 | 1 Slims | 1 Senayan Library Management System | 2024-11-21 | N/A | 6.1 MEDIUM |
|
SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar.
|
|||||