Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35569 | 1 Blogifier | 1 Blogifier | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted file.
|
|||||
| CVE-2022-35554 | 1 Bpcbt | 1 Smartvista | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side.
|
|||||
| CVE-2022-35509 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information.
|
|||||
| CVE-2022-35493 | 1 Wrteam | 1 Eshop - Ecommerce \/ Store Website | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the get_products?search parameter.
|
|||||
| CVE-2022-35416 | 1 H3c | 1 Ssl Vpn | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS.
|
|||||
| CVE-2022-35298 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | N/A | 6.1 MEDIUM |
|
SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser session.
|
|||||
| CVE-2022-35297 | 1 Sap | 1 Enable Now | 2024-11-21 | N/A | 5.4 MEDIUM |
|
The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability.
|
|||||
| CVE-2022-35294 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | N/A | 5.4 MEDIUM |
|
An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure including stealing authentication information and impersonating the affected user.
|
|||||
| CVE-2022-35278 | 2 Apache, Netapp | 3 Activemq Artemis, Active Iq Unified Manager, Oncommand Workflow Automation | 2024-11-21 | N/A | 6.1 MEDIUM |
|
In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.
|
|||||
| CVE-2022-35275 | 1 Algolplus | 1 Advanced Order Export For Woocommerce | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Authenticated (shop manager+) Reflected Cross-Site Scripting (XSS) vulnerability in AlgolPlus Advanced Order Export For WooCommerce plugin <= 3.3.1 at WordPress.
|
|||||
| CVE-2022-35227 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site (XSS) scripting attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to stealing or modifying of authentication information of the user, such as data relating to his or her current session.
|
|||||
| CVE-2022-35225 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data.
|
|||||
| CVE-2022-35224 | 1 Sap | 1 Enterprise Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim�s web browser session.
|
|||||
| CVE-2022-35213 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site scripting (XSS) vulnerability via the function base_url() at /blog/blogpublish.php.
|
|||||
| CVE-2022-35212 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | N/A | 6.1 MEDIUM |
|
osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the function tep_db_error().
|
|||||
| CVE-2022-35194 | 1 Testlink | 1 Testlink | 2024-11-21 | N/A | 5.4 MEDIUM |
|
TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php.
|
|||||
| CVE-2022-35174 | 1 Getkirby | 1 Starterkit | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in Kirby's Starterkit v3.7.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tags field.
|
|||||
| CVE-2022-35172 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
|
|||||
| CVE-2022-35170 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data.
|
|||||
| CVE-2022-35163 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the U_NAME parameter at /category/controller.php?action=edit.
|
|||||
| CVE-2022-35162 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the CATEGORY parameter at /category/controller.php?action=edit.
|
|||||
| CVE-2022-35151 | 1 Keking | 1 Kkfileview | 2024-11-21 | N/A | 6.1 MEDIUM |
|
kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.
|
|||||
| CVE-2022-35144 | 1 Raneto Project | 1 Raneto | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Renato v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability.
|
|||||
| CVE-2022-35133 | 1 Cherrytree Project | 1 Cherrytree | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node.
|
|||||
| CVE-2022-35131 | 1 Joplinapp | 1 Joplin | 2024-11-21 | N/A | 9.0 CRITICAL |
|
Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles.
|
|||||
| CVE-2022-35118 | 1 Pyrocms | 1 Pyrocms | 2024-11-21 | N/A | 6.1 MEDIUM |
|
PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.
|
|||||
| CVE-2022-35117 | 1 Oretnom23 | 1 Clinic\'s Patient Management System | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Clinic's Patient Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via update_medicine_details.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Packing text box under the Update Medical Details module.
|
|||||
| CVE-2022-34991 | 1 Techvill | 1 Paymoney | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the first_name and last_name parameters.
|
|||||
| CVE-2022-34988 | 1 Inoutscripts | 1 Blockchain Altexchanger | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Inout Blockchain AltExchanger v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/js.
|
|||||
| CVE-2022-34966 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | N/A | 7.5 HIGH |
|
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home.
|
|||||
| CVE-2022-34964 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | N/A | 4.8 MEDIUM |
|
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the SitePages module.
|
|||||
| CVE-2022-34963 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | N/A | 5.4 MEDIUM |
|
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module.
|
|||||
| CVE-2022-34962 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | N/A | 5.4 MEDIUM |
|
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module.
|
|||||
| CVE-2022-34961 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | N/A | 5.4 MEDIUM |
|
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module.
|
|||||
| CVE-2022-34911 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text().
|
|||||
| CVE-2022-34879 | 1 Vicidial | 1 Vicidial | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via agent, and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.
|
|||||
| CVE-2022-34857 | 1 Smartypantsplugins | 1 Sp Project \& Document Manager | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress
|
|||||
| CVE-2022-34853 | 1 Wpwax | 1 Team | 2024-11-21 | N/A | 4.1 MEDIUM |
|
Multiple Authenticated (contributor or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress.
|
|||||
| CVE-2022-34834 | 1 Vermeg | 1 Agile Reporter | 2024-11-21 | N/A | 4.8 MEDIUM |
|
An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log.
|
|||||
| CVE-2022-34833 | 1 Vermeg | 1 Agile Reporter | 2024-11-21 | N/A | 5.4 MEDIUM |
|
An issue was discovered in VERMEG AgileReporter 21.3. An admin can enter an XSS payload in the Analysis component.
|
|||||