Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34795 | 1 Jenkins | 1 Deployment Dashboard | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.
|
|||||
| CVE-2022-34791 | 1 Jenkins | 1 Validating Email Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-34790 | 1 Jenkins | 1 Extreme Feedback Panel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-34788 | 1 Jenkins | 1 Matrix Reloaded | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.
|
|||||
| CVE-2022-34787 | 1 Jenkins | 1 Project Inheritance | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked.
|
|||||
| CVE-2022-34786 | 1 Jenkins | 1 Rich Text Publisher | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.
|
|||||
| CVE-2022-34784 | 1 Jenkins | 1 Build-metrics | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission.
|
|||||
| CVE-2022-34783 | 1 Jenkins | 1 Plot | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-34778 | 1 Jenkins | 1 Testng Results | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or control test results.
|
|||||
| CVE-2022-34777 | 1 Jenkins | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-34768 | 1 Supersmart | 1 Supersmart.me - Walk Through | 2024-11-21 | N/A | 6.5 MEDIUM |
|
insert HTML / js code inside input how to get to the vulnerable input : Workers > worker nickname > inject in this input the code.
|
|||||
| CVE-2022-34656 | 1 Wpdevart | 1 Poll\, Survey\, Questionnaire And Voting System | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability in wpdevart Poll, Survey, Questionnaire and Voting system plugin <= 1.7.4 at WordPress.
|
|||||
| CVE-2022-34650 | 1 Wpwax | 1 Team | 2024-11-21 | N/A | 4.1 MEDIUM |
|
Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress.
|
|||||
| CVE-2022-34648 | 1 Uploading Svg\, Webp And Ico Files Project | 1 Uploading Svg\, Webp And Ico Files | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.
|
|||||
| CVE-2022-34619 | 1 Mealie Project | 1 Mealie | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field.
|
|||||
| CVE-2022-34618 | 1 Mealie Project | 1 Mealie | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field.
|
|||||
| CVE-2022-34611 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in /index.php/?p=report of Online Fire Reporting System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "Contac #" text field.
|
|||||
| CVE-2022-34594 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component ip/school/moudel/update_subject.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Subject text field.
|
|||||
| CVE-2022-34580 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the address parameter at ip/school/index.php.
|
|||||
| CVE-2022-34550 | 1 Student Information Management System Project | 1 Student Information Management System | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Sims v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /addNotifyServlet. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notifyInfo parameter.
|
|||||
| CVE-2022-34537 | 1 Dw | 2 Megapix, Megapix Firmware | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a cross-site scripting (XSS) vulnerability via the component bia_oneshot.cgi.
|
|||||
| CVE-2022-34451 | 1 Dell | 1 Powerpath Management Appliance | 2024-11-21 | N/A | 4.8 MEDIUM |
|
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user could potentially exploit this vulnerability, to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server.
|
|||||
| CVE-2022-34362 | 3 Ibm, Linux, Microsoft | 5 Aix, Linux On Ibm Z, Sterling Secure Proxy and 2 more | 2024-11-21 | N/A | 4.6 MEDIUM |
|
IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523.
|
|||||
| CVE-2022-34358 | 1 Ibm | 1 I | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230516.
|
|||||
| CVE-2022-34336 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229714.
|
|||||
| CVE-2022-34330 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2024-11-21 | N/A | 6.1 MEDIUM |
|
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229469.
|
|||||
| CVE-2022-34328 | 1 Sigb | 1 Pmb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php.
|
|||||
| CVE-2022-34317 | 1 Ibm | 1 Cics Tx | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229459.
|
|||||
| CVE-2022-34315 | 1 Ibm | 1 Cics Tx | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229451.
|
|||||
| CVE-2022-34306 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229435.
|
|||||
| CVE-2022-34305 | 1 Apache | 1 Tomcat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.
|
|||||
| CVE-2022-34258 | 2 Adobe, Magento | 2 Commerce, Magento | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2022-34257 | 2 Adobe, Magento | 2 Commerce, Magento | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2022-34198 | 1 Jenkins | 1 Stash Branch Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-34197 | 1 Jenkins | 1 Sauce Ondemand | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-34196 | 1 Jenkins | 1 Rest List Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-34195 | 1 Jenkins | 1 Repository Connector | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-34194 | 1 Jenkins | 1 Readonly Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-34193 | 1 Jenkins | 1 Package Version | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-34192 | 1 Jenkins | 1 Ontrack | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||