Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37407 | 1 Wpchill | 1 Gallery Photoblocks | 2024-11-21 | N/A | 4.1 MEDIUM |
|
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress.
|
|||||
| CVE-2022-37404 | 1 Add2fav Project | 1 Add2fav | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christian Salazar's add2fav plugin <= 1.0 at WordPress.
|
|||||
| CVE-2022-37403 | 1 Add User Role Project | 1 Add User Role | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nikhil Vaghela's Add User Role plugin <= 0.0.1 at WordPress.
|
|||||
| CVE-2022-37402 | 1 Afsanalytics | 1 Afs Analytics | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Stored Cross-site Scripting (XSS) vulnerability in AFS Analytics plugin <= 4.18 versions.
|
|||||
| CVE-2022-37342 | 1 Add Shortcodes Actions And Filters Project | 1 Add Shortcodes Actions And Filters | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability Add Shortcodes Actions And Filters plugin <= 2.0.9 at WordPress.
|
|||||
| CVE-2022-37339 | 1 Fullworksplugins | 1 Meet My Team | 2024-11-21 | N/A | 4.1 MEDIUM |
|
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Meet My Team plugin <= 2.0.5 at WordPress.
|
|||||
| CVE-2022-37338 | 1 Blossomthemes | 1 Blossom Recipe Maker | 2024-11-21 | N/A | 4.1 MEDIUM |
|
Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Blossom Recipe Maker plugin <= 1.0.7 at WordPress.
|
|||||
| CVE-2022-37335 | 1 Webhelpagency | 1 Word Search Puzzles | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in WHA's Word Search Puzzles game plugin <= 2.0.1 at WordPress.
|
|||||
| CVE-2022-37330 | 1 Webhelpagency | 1 Wha Crossword | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA Crossword plugin <= 1.1.10 at WordPress.
|
|||||
| CVE-2022-37328 | 1 Themesawesome | 1 Timeline Awesome | 2024-11-21 | N/A | 3.4 LOW |
|
Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in Themes Awesome History Timeline plugin <= 1.0.5 at WordPress.
|
|||||
| CVE-2022-37318 | 1 Rsa | 1 Archer | 2024-11-21 | N/A | 7.0 HIGH |
|
Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contain a reflected XSS vulnerability. A remote unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases.
|
|||||
| CVE-2022-37317 | 1 Rsa | 1 Archer | 2024-11-21 | N/A | 7.6 HIGH |
|
Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious code in the context of the web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases.
|
|||||
| CVE-2022-37254 | 1 Dolphinphp Project | 1 Dolphinphp | 2024-11-21 | N/A | 5.4 MEDIUM |
|
DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background - > System - > system function - > configuration management.
|
|||||
| CVE-2022-37253 | 1 Crime Reporting System Project | 1 Crime Reporting System | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Persistent cross-site scripting (XSS) in Crime Reporting System 1.0 allows a remote attacker to introduce arbitary Javascript via manipulation of an unsanitized POST parameter
|
|||||
| CVE-2022-37251 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.
|
|||||
| CVE-2022-37248 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php.
|
|||||
| CVE-2022-37247 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) via /admin/settings/fields page.
|
|||||
| CVE-2022-37245 | 1 Altn | 1 Security Gateway For Email Servers | 2024-11-21 | N/A | 5.4 MEDIUM |
|
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint.
|
|||||
| CVE-2022-37244 | 1 Altn | 1 Security Gateway For Email Servers | 2024-11-21 | N/A | 5.4 MEDIUM |
|
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. after login leads to inject malicious tag leads to IFRAME injection.
|
|||||
| CVE-2022-37243 | 1 Altn | 1 Security Gateway For Email Servers | 2024-11-21 | N/A | 5.4 MEDIUM |
|
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint.
|
|||||
| CVE-2022-37241 | 1 Altn | 1 Security Gateway For Email Servers | 2024-11-21 | N/A | 5.4 MEDIUM |
|
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint.
|
|||||
| CVE-2022-37239 | 1 Altn | 1 Security Gateway For Email Servers | 2024-11-21 | N/A | 5.4 MEDIUM |
|
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint.
|
|||||
| CVE-2022-37238 | 1 Altn | 1 Security Gateway For Email Servers | 2024-11-21 | N/A | 5.4 MEDIUM |
|
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter.
|
|||||
| CVE-2022-37183 | 1 Piwigo | 1 Piwigo | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list.
|
|||||
| CVE-2022-37162 | 1 Claroline | 1 Claroline | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event.
|
|||||
| CVE-2022-37161 | 1 Claroline | 1 Claroline | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload.
|
|||||
| CVE-2022-37160 | 1 Claroline | 1 Claroline | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with administrative rights by opening an SVG file as an administrator user.
|
|||||
| CVE-2022-37153 | 1 Articatech | 1 Artica Proxy | 2024-11-21 | N/A | 6.1 MEDIUM |
|
An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php.
|
|||||
| CVE-2022-37150 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | N/A | 5.4 MEDIUM |
|
An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulnerability via firstname, address, middlename, lastname , gender, email, contact parameters.
|
|||||
| CVE-2022-37059 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field
|
|||||
| CVE-2022-37044 | 1 Zimbra | 1 Collaboration | 2024-11-21 | N/A | 6.1 MEDIUM |
|
In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine.
|
|||||
| CVE-2022-36967 | 1 Progress | 1 Ipswitch Ws Ftp Server | 2024-11-21 | N/A | 6.1 MEDIUM |
|
In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator's web session. This would allow the attacker to execute code within the context of the victim's browser.
|
|||||
| CVE-2022-36948 | 1 Veritas | 1 Netbackup | 2024-11-21 | N/A | 5.4 MEDIUM |
|
In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
|
|||||
| CVE-2022-36922 | 1 Jenkins | 1 Lucene-search | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS) vulnerability.
|
|||||
| CVE-2022-36905 | 1 Jenkins | 1 Maven Metadata | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-36902 | 1 Jenkins | 1 Dynamic Extended Choice Parameter | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-36880 | 1 Webmin | 2 Usermin, Webmin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.
|
|||||
| CVE-2022-36859 | 1 Samsung | 1 Smarttagplugin | 2024-11-21 | N/A | 5.7 MEDIUM |
|
Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victim's devices.
|
|||||
| CVE-2022-36801 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8.
|
|||||
| CVE-2022-36796 | 1 Callrail | 1 Callrail Phone Call Tracking | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in CallRail, Inc. CallRail Phone Call Tracking plugin <= 0.4.9 at WordPress.
|
|||||