Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-34191 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2022-34190 | 1 Jenkins | 1 Maven Metadata | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2022-34189 | 1 Jenkins | 1 Image Tag Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2022-34188 | 1 Jenkins | 1 Hidden Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2022-34187 | 1 Jenkins | 1 Filesystem List Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2022-34186 | 1 Jenkins | 1 Dynamic Extended Choice Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2022-34185 | 1 Jenkins | 1 Date Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2022-34184 | 1 Jenkins | 1 Crx Content Package Deployer | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2022-34183 | 1 Jenkins | 1 Agent Server Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2022-34182 | 1 Jenkins | 1 Nested View | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability. |
| CVE-2022-34178 | 1 Jenkins | 1 Embeddable Build Status | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting (XSS) vulnerability. |
| CVE-2022-34176 | 1 Jenkins | 1 Junit | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. |
| CVE-2022-34173 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM | In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. |
| CVE-2022-34172 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM | In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability. |
| CVE-2022-34171 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM | In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping, resulting in a cross-site scripting (XSS) vulnerability. |
| CVE-2022-34170 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM | In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. |
| CVE-2022-34167 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229432. |
| CVE-2022-34166 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229430. |
| CVE-2022-34163 | 1 Ibm | 1 Cics Tx | 2024-11-21 | N/A | 6.1 MEDIUM | IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333. |
| CVE-2022-34160 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM | IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330. |
| CVE-2022-34148 | 1 Jetbackup | 1 Jetbackup | 2024-11-21 | N/A | 4.8 MEDIUM | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JetBackup JetBackup – WP Backup, Migrate & Restore plugin <= 1.6.9.0 versions. |
| CVE-2022-34140 | 1 Feehi | 1 Feehi Cms | 2024-11-21 | N/A | 5.4 MEDIUM | A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field. |
| CVE-2022-34133 | 1 Jorani | 1 Jorani | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php. |
| CVE-2022-34094 | 1 Softwarepublico | 1 I3geo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php. |
| CVE-2022-34093 | 1 Softwarepublico | 1 I3geo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php. |
| CVE-2022-34092 | 1 Softwarepublico | 1 I3geo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php. |
| CVE-2022-34048 | 1 Wavlink | 2 Wn533a8, Wn533a8 Firmware | 2024-11-21 | N/A | 6.1 MEDIUM | Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter. |
| CVE-2022-34025 | 1 Vestacp | 1 Vesta Control Panel | 2024-11-21 | N/A | 6.1 MEDIUM | Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the post function at /web/api/v1/upload/UploadHandler.php. |
| CVE-2022-34009 | 2 Fossil-scm, Microsoft | 2 Fossil, Windows | 2024-11-21 | N/A | 5.5 MEDIUM | Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. This occurs because the ticket data is stored in a temporary file, and the product does not properly handle the absence of this file after Windows Defender has flagged it as malware. |
| CVE-2022-34007 | 1 Eqs | 1 Integrity Line | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | EQS Integrity Line Professional through 2022-07-01 allows a stored XSS via a crafted whistleblower entry. |
| CVE-2022-33994 | 1 Gutenberg Project | 1 Gutenberg | 2024-11-21 | N/A | 3.0 LOW | The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators. |
| CVE-2022-33978 | 1 Fontmeister Project | 1 Fontmeister | 2024-11-21 | N/A | 6.1 MEDIUM | Reflected Cross-Site Scripting (XSS) vulnerability FontMeister plugin <= 1.08 at WordPress. |
| CVE-2022-33961 | 1 Waspthemes | 1 Visual Css Style Editor | 2024-11-21 | N/A | 4.0 MEDIUM | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WaspThemes Visual CSS Style Editor plugin <= 7.5.8 versions. |
| CVE-2022-33943 | 1 Bxslider Wp Project | 1 Bxslider Wp | 2024-11-21 | N/A | 5.4 MEDIUM | Authenticated (contributor or higher user role) Cross-Site Scripting (XSS) vulnerability in Nico Amarilla's BxSlider WP plugin <= 2.0.0 at WordPress. |
| CVE-2022-33935 | 1 Dell | 1 Emc Data Protection Advisor | 2024-11-21 | N/A | 5.4 MEDIUM | Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-s ... |
| CVE-2022-33934 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 7.7 HIGH | Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges may potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected fields. |
| CVE-2022-33929 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 6.1 MEDIUM | Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in EndUserSummary page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. |
| CVE-2022-33910 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScript code to execute. |
| CVE-2022-33191 | 1 Testimonials Project | 1 Testimonials | 2024-11-21 | N/A | 4.1 MEDIUM | Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Chinmoy Paul's Testimonials plugin <= 3.0.1 at WordPress. |
| CVE-2022-33157 | 1 Libconnect Project | 1 Libconnect | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The libconnect extension before 7.0.8 and 8.x before 8.1.0 for TYPO3 allows XSS. |