Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31029 | 1 Pi-hole | 1 Adminlte | 2024-11-21 | 3.5 LOW | 5.9 MEDIUM |
|
AdminLTE is a Pi-hole Dashboard for stats and configuration. In affected versions inserting code like `<script>alert("XSS")</script>` in the field marked with "Domain to look for" and hitting <kbd>enter</kbd> (or clicking on any of the buttons) will execute the script. The user must be logged in to use this vulnerability. Usually only administrators have login access to pi-hole, minimizing the risks. Users are advised to upgrade. There are no known workarounds for this issue.
|
|||||
| CVE-2022-30999 | 1 Friendsofflarum | 1 Upload | 2024-11-21 | 3.5 LOW | 8.7 HIGH |
|
FriendsofFlarum (FoF) Upload is an extension that handles file uploads intelligently for your forum. If FoF Upload prior to version 1.2.3 is configured to allow the uploading of SVG files ('image/svg+xml'), navigating directly to an SVG file URI could execute arbitrary Javascript code decided by an attacker. This Javascript code could include the execution of HTTP web requests to Flarum, or any other web service. This could allow data to be leaked by an authenticated Flarum user, or, possibly, f ...
|
|||||
| CVE-2022-30991 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240
|
|||||
| CVE-2022-30982 | 1 Gentics | 1 Gentics Cms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
An issue was discovered in Gentics CMS before 5.43.1. There is stored XSS in the profile description and in the username.
|
|||||
| CVE-2022-30970 | 1 Jenkins | 1 Autocomplete Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-30968 | 1 Jenkins | 1 Vboxwrapper | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-30967 | 1 Jenkins | 1 Selection Tasks | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-30965 | 1 Jenkins | 1 Promoted Builds | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-30964 | 1 Jenkins | 1 Multiselect Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape the name and description of Multiselect parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-30963 | 1 Jenkins | 1 Jdk Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-30962 | 1 Jenkins | 1 Global Variable String Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Global Variable String Parameter Plugin 1.2 and earlier does not escape the name and description of Global Variable String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-30961 | 1 Jenkins | 1 Autocomplete Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-30960 | 1 Jenkins | 1 Application Detector | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Application Detector Plugin 1.0.8 and earlier does not escape the name of Chois Application Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-30956 | 1 Jenkins | 1 Rundeck | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads.
|
|||||
| CVE-2022-30903 | 1 Nokia | 2 G-2425g-a, G-2425g-a Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management.
|
|||||
| CVE-2022-30899 | 1 Partkeepr | 1 Partkeepr | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A Cross Site Scripting vulnerability exists in PartKeepr 1.4.0 via the 'name' field in /api/part_categories.
|
|||||
| CVE-2022-30875 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page.
|
|||||
| CVE-2022-30874 | 1 Nukeviet | 1 Nukeviet | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02.
|
|||||
| CVE-2022-30863 | 1 Fudforum | 1 Fudforum | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel.
|
|||||
| CVE-2022-30861 | 1 Fudforum | 1 Fudforum | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature.
|
|||||
| CVE-2022-30842 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname.
|
|||||
| CVE-2022-30839 | 1 Room Rent Portal Site Project | 1 Room Rent Portal Site | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name.
|
|||||
| CVE-2022-30777 | 1 Parallels | 1 H-sphere | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter.
|
|||||
| CVE-2022-30776 | 1 Atmail | 1 Atmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter.
|
|||||
| CVE-2022-30770 | 1 Terminalfour | 1 Terminalfour | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and 8.2.x versions prior to version 8.2.18.5 or 8.2.18.2.1 are vulnerable to an XSS vulnerability that could be exploited by an attacker to mislead an administrator and steal their credentials.
|
|||||
| CVE-2022-30690 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A cross-site scripting (xss) vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.
|
|||||
| CVE-2022-30679 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
|
|||||
| CVE-2022-30611 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based aut ...
|
|||||
| CVE-2022-30604 | 1 Cybozu | 1 Office | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
|
|||||
| CVE-2022-30596 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.
|
|||||
| CVE-2022-30576 | 1 Tibco | 2 Data Science - Workbench, Statistica | 2024-11-21 | N/A | 8.7 HIGH |
|
The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Data ...
|
|||||
| CVE-2022-30575 | 1 Tibco | 2 Data Science - Workbench, Statistica | 2024-11-21 | N/A | 7.3 HIGH |
|
The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO Data Science - Workbench: versions 14.0.0 and below, TIBCO Statistica: ...
|
|||||
| CVE-2022-30571 | 1 Tibco | 1 Iway Service Manager | 2024-11-21 | N/A | 8.1 HIGH |
|
The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO iWay Service Manager: versions 8.0.6 and below.
|
|||||
| CVE-2022-30545 | 1 5-anker | 1 5 Anker Connect | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Auth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Connect plugin <= 1.2.6 on WordPress.
|
|||||
| CVE-2022-30536 | 1 Wp Maintenance Project | 1 Wp Maintenance | 2024-11-21 | N/A | 3.4 LOW |
|
Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress.
|
|||||
| CVE-2022-30533 | 1 Webnus | 1 Modern Events Calendar Lite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
|
|||||
| CVE-2022-30517 | 1 Mogublog Project | 1 Mogublog | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS).
|
|||||
| CVE-2022-30514 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126.
|
|||||
| CVE-2022-30513 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125
|
|||||
| CVE-2022-30494 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs.
|
|||||