Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32145 | 1 Siemens | 1 Teamcenter Active Workspace | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A vulnerability has been identified in Teamcenter Active Workspace V5.2 (All versions < V5.2.9), Teamcenter Active Workspace V6.0 (All versions < V6.0.3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious code by tricking users into accessing a malicious link.
|
|||||
| CVE-2022-32131 | 1 74cms | 1 74cmsse | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /index/notice/show.
|
|||||
| CVE-2022-32130 | 1 74cms | 1 74cmsse | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/down_resume/total/nature.
|
|||||
| CVE-2022-32129 | 1 74cms | 1 74cmsse | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/account/safety/trade.
|
|||||
| CVE-2022-32128 | 1 74cms | 1 74cmsse | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/service/increment/add/im.
|
|||||
| CVE-2022-32127 | 1 74cms | 1 74cmsse | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/view_be_browsed/total.
|
|||||
| CVE-2022-32126 | 1 74cms | 1 74cmsse | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company.
|
|||||
| CVE-2022-32125 | 1 74cms | 1 74cmsse | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /job.
|
|||||
| CVE-2022-32124 | 1 74cms | 1 74cmsse | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /index/jobfairol/show/.
|
|||||
| CVE-2022-32118 | 1 Arox | 1 School Erp Pro | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Arox School ERP Pro v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the dispatchcategory parameter in backoffice.inc.php.
|
|||||
| CVE-2022-32115 | 1 Withknown | 1 Known | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue in the isSVG() function of Known v1.2.2+2020061101 allows attackers to execute arbitrary code via a crafted SVG file.
|
|||||
| CVE-2022-32074 | 1 Osticket | 1 Osticket | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.
|
|||||
| CVE-2022-32065 | 1 Ruoyi | 1 Ruoyi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.
|
|||||
| CVE-2022-32061 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
|
|||||
| CVE-2022-32060 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
|
|||||
| CVE-2022-31914 | 1 Phpgurukul | 1 Zoo Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24.
|
|||||
| CVE-2022-31910 | 1 Online Tutor Portal Site Project | 1 Online Tutor Portal Site | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Online Tutor Portal Site v1.0 is vulnerable to Cross Site Scripting (XSS). via /otps/classes/Master.php.
|
|||||
| CVE-2022-31906 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Online Fire Reporting System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ofrs/classes/Master.php.
|
|||||
| CVE-2022-31904 | 1 Uberrider | 1 Mediacenter | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
EGT-Kommunikationstechnik UG Mediacenter before v2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Online_Update.php.
|
|||||
| CVE-2022-31897 | 1 Phpgurukul | 1 Zoo Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=.
|
|||||
| CVE-2022-31875 | 1 Trendnet | 2 Tv-ip110wn, Tv-ip110wn Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an xss vulnerability via the proname parameter in /admin/scheprofile.cgi
|
|||||
| CVE-2022-31873 | 1 Trendnet | 2 Tv-ip110wn, Tv-ip110wn Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix parameter in /admin/general.cgi.
|
|||||
| CVE-2022-31861 | 1 Thingsboard | 1 Thingsboard | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross site Scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sent to the audit logs.
|
|||||
| CVE-2022-31792 | 1 Watchguard | 1 Fireware | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. A remote attacker can potentially execute arbitrary JavaScript code in the management web interface by sending crafted requests to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.
|
|||||
| CVE-2022-31786 | 1 Ideaco | 1 Idealms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaLMS/Class/Assessment/ PATH_INFO.
|
|||||
| CVE-2022-31774 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228358.
|
|||||
| CVE-2022-31734 | 1 Cisco | 4 Ws-c2940-8tf-s, Ws-c2940-8tf-s Firmware, Ws-c2940-8tt-s and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the web browser of the user who is using the product. The affected firmware is prior to 12.2(50)SY released in 2011, and Cisco Catalyst 2940 Series Switches have been retired since January 2015
|
|||||
| CVE-2022-31663 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-11-21 | N/A | 6.1 MEDIUM |
|
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.
|
|||||
| CVE-2022-31655 | 1 Vmware | 1 Vrealize Log Insight | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.
|
|||||
| CVE-2022-31654 | 1 Vmware | 1 Vrealize Log Insight | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.
|
|||||
| CVE-2022-31648 | 1 Talend | 1 Administration Center | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. The issue is fixed for versions 8.0.x in TPS-5233, for versions 7.3.x in TPS-5324, and for versions 7.2.x in TPS-5235. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version.
|
|||||
| CVE-2022-31498 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS.
|
|||||
| CVE-2022-31497 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS.
|
|||||
| CVE-2022-31495 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS.
|
|||||
| CVE-2022-31494 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS.
|
|||||
| CVE-2022-31493 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS.
|
|||||
| CVE-2022-31492 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username.
|
|||||
| CVE-2022-31470 | 1 Axigen | 1 Axigen Mobile Webmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.
|
|||||
| CVE-2022-31456 | 1 Truedesk | 1 Truedesk | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name parameter.
|
|||||
| CVE-2022-31455 | 1 Truedesk | 1 Truedesk | 2024-11-21 | N/A | 6.1 MEDIUM |
|
* A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box.
|
|||||