Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-36791 | 1 Awesome | 1 Torro Forms | 2024-11-21 | N/A | 5.4 MEDIUM | Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Awesome UG Torro Forms plugin <= 1.0.16 at WordPress. |
| CVE-2022-36778 | 1 Synel | 1 Eharmony | 2024-11-21 | N/A | 6.5 MEDIUM | Insert HTML / JS code inside input. How to get to the vulnerable input: Workers > worker nickname > inject the code in this input. |
| CVE-2022-36776 | 2 Ibm, Linux | 2 Cloud Pak For Security, Linux Kernel | 2024-11-21 | N/A | 5.4 MEDIUM | IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233663. |
| CVE-2022-36748 | 1 Picuploader Project | 1 Picuploader | 2024-11-21 | N/A | 6.1 MEDIUM | PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /master/index.php. |
| CVE-2022-36747 | 1 Cobub | 1 Razor | 2024-11-21 | N/A | 6.1 MEDIUM | Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the function uploadchannel(). |
| CVE-2022-36746 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A | 6.1 MEDIUM | LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php. |
| CVE-2022-36745 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A | 6.1 MEDIUM | LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component print-customoid.php. |
| CVE-2022-36668 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 5.4 MEDIUM | Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. The vulnerabilities exist during creating or editing the parts under parameters. Using the XSS payload, the stored XSS is triggered and can be used as a further attack vector. |
| CVE-2022-36657 | 1 Library Management System Project | 1 Library Management System | 2024-11-21 | N/A | 4.8 MEDIUM | Library Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /librarian/edit_book_details.php. |
| CVE-2022-36639 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 5.4 MEDIUM | A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. |
| CVE-2022-36637 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 5.4 MEDIUM | Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php. |
| CVE-2022-36600 | 1 Blogengine | 1 Blogengine.net | 2024-11-21 | N/A | 4.8 MEDIUM | BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field. |
| CVE-2022-36583 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A | 6.1 MEDIUM | DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters. |
| CVE-2022-36573 | 1 Pagekit | 1 Pagekit | 2024-11-21 | N/A | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit. |
| CVE-2022-36533 | 2 Linux, Syncovery | 2 Linux Kernel, Syncovery | 2024-11-21 | N/A | 5.4 MEDIUM | Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain a cross-site scripting (XSS) vulnerability. |
| CVE-2022-36530 | 1 Rageframe | 1 Rageframe | 2024-11-21 | N/A | 6.1 MEDIUM | An issue was discovered in rageframe2 2.6.37. There is an XSS vulnerability in the user agent related parameters of the info.php page. |
| CVE-2022-36527 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | N/A | 5.4 MEDIUM | Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module. |
| CVE-2022-36428 | 1 Rockcontent | 1 Rock Convert | 2024-11-21 | N/A | 4.8 MEDIUM | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Stage Rock Convert plugin <= 2.11.0 on WordPress. |
| CVE-2022-36417 | 1 3d Tag Cloud Project | 1 3d Tag Cloud | 2024-11-21 | N/A | 6.1 MEDIUM | Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin <= 3.8 at WordPress. |
| CVE-2022-36405 | 1 Amcharts | 1 Amcharts | 2024-11-21 | N/A | 5.4 MEDIUM | Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in amCharts: Charts and Maps plugin <= 1.4 at WordPress. |
| CVE-2022-36390 | 1 Total-soft | 1 Event Calendar | 2024-11-21 | N/A | 4.1 MEDIUM | Authenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress. |
| CVE-2022-36383 | 1 Webhelpagency | 1 Wha Wordsearch | 2024-11-21 | N/A | 5.4 MEDIUM | Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA Word Search Puzzles game plugin <= 2.0.1 at WordPress. |
| CVE-2022-36378 | 1 Floating Div Project | 1 Floating Div | 2024-11-21 | N/A | 4.8 MEDIUM | Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin <= 3.0 at WordPress. |
| CVE-2022-36365 | 1 Webhelpagency | 1 Wha Crossword | 2024-11-21 | N/A | 5.4 MEDIUM | Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA Crossword plugin <= 1.1.10 at WordPress. |
| CVE-2022-36357 | 1 Webpsilon | 1 Ultimate Tables | 2024-11-21 | N/A | 6.1 MEDIUM | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webpsilon ULTIMATE TABLES plugin <= 1.6.5 versions. |
| CVE-2022-36356 | 1 Culture Object Project | 1 Culture Object | 2024-11-21 | N/A | 4.8 MEDIUM | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy / Thirty8 Digital Culture Object plugin <= 4.0.1 at WordPress. |
| CVE-2022-36355 | 1 Easy Org Chart Project | 1 Easy Org Chart | 2024-11-21 | N/A | 5.4 MEDIUM | Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Easy Org Chart plugin <= 3.1 at WordPress. |
| CVE-2022-36347 | 1 Thealpinepress | 1 Alpine Phototile For Pinterest | 2024-11-21 | N/A | 4.8 MEDIUM | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alpine Press Alpine PhotoTile for Pinterest plugin <= 1.3.1 at WordPress. |
| CVE-2022-36343 | 1 Ideastocode | 1 Enable Svg, Webp & Ico Upload | 2024-11-21 | N/A | 3.4 LOW | Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress. |
| CVE-2022-36341 | 1 As - Create Pinterest Pinboard Pages Project | 1 As - Create Pinterest Pinboard Pages | 2024-11-21 | N/A | 5.4 MEDIUM | Authenticated (subscriber+) plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability in Akash soni's AS – Create Pinterest Pinboard Pages plugin <= 1.0 at WordPress. |
| CVE-2022-36311 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2024-11-21 | N/A | 6.1 MEDIUM | Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection leading to XSS in the SNMP community field in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models. |
| CVE-2022-36305 | 1 Vestacp | 1 Vesta Control Panel | 2024-11-21 | N/A | 6.1 MEDIUM | Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the body function at /web/api/v1/upload/UploadHandler.php. |
| CVE-2022-36304 | 1 Vestacp | 1 Vesta Control Panel | 2024-11-21 | N/A | 6.1 MEDIUM | Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the generate_response function at /web/api/v1/upload/UploadHandler.php. |
| CVE-2022-36303 | 1 Vestacp | 1 Vesta Control Panel | 2024-11-21 | N/A | 6.1 MEDIUM | Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the handle_file_upload function at /web/api/v1/upload/UploadHandler.php. |
| CVE-2022-36282 | 1 Search Exclude Project | 1 Search Exclude | 2024-11-21 | N/A | 4.8 MEDIUM | Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy's Search Exclude plugin <= 1.2.6 at WordPress. |
| CVE-2022-36277 | 1 Tcman | 1 Gim | 2024-11-21 | N/A | 6.5 MEDIUM | The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks. |
| CVE-2022-36266 | 1 Airspan | 2 Airspot 5410, Airspot 5410 Firmware | 2024-11-21 | N/A | 6.1 MEDIUM | In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS payload that will be accepted and stored. A successful attack will result in the injection of malicious scripts into the user settings page. |
| CVE-2022-36254 | 1 Hotel Management System Project | 1 Hotel Management System | 2024-11-21 | N/A | 5.4 MEDIUM | Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname". |
| CVE-2022-36251 | 1 Oretnom23 | 1 Clinic's Patient Management System | 2024-11-21 | N/A | 6.1 MEDIUM | Clinic's Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients.php. |
| CVE-2022-36203 | 1 Doctor's Appointment System Project | 1 Doctor's Appointment System | 2024-11-21 | N/A | 6.1 MEDIUM | Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. In addition, it leads to takeover of the administrator account by stealing the cookie via XSS. |