Total: 42233 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29929 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible | | | | | |
| CVE-2022-29927 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.3 MEDIUM | 4.6 MEDIUM |
| In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible | | | | | |
| CVE-2022-29923 | 1 Thingsforrestaurants | 1 Quick Restaurant Reservations | 2024-11-21 | N/A | 5.9 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant Reservations (WordPress plugin) allows Reflected XSS. This issue affects Quick Restaurant Reservations (WordPress plugin): from n/a through 1.4.1. | | | | | |
| CVE-2022-29907 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages. | | | | | |
| CVE-2022-29894 | 1 Strapi | 1 Strapi | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege. | | | | | |
| CVE-2022-29890 | 1 Octopus | 1 Octopus Server | 2024-11-21 | N/A | 6.1 MEDIUM |
| In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. | | | | | |
| CVE-2022-29887 | 1 Intel | 1 Manageability Commander | 2024-11-21 | N/A | 8.1 HIGH |
| Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | | | | | |
| CVE-2022-29817 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 4.3 MEDIUM | 3.9 LOW |
| In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible | | | | | |
| CVE-2022-29816 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 2.1 LOW | 2.8 LOW |
| In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible | | | | | |
| CVE-2022-29811 | 1 Jetbrains | 1 Hub | 2024-11-21 | 3.5 LOW | 6.1 MEDIUM |
| In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. | | | | | |
| CVE-2022-29770 | 1 Xuxueli | 1 Xxl-job | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. | | | | | |
| CVE-2022-29734 | 1 Ict | 2 Protege Gx, Protege Wx | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. | | | | | |
| CVE-2022-29732 | 1 Deltacontrols | 2 Entelitouch, Entelitouch Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | | | | | |
| CVE-2022-29728 | 1 Surveysparrow | 1 Enterprise Survey Software | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-site scripting (XSS) vulnerability in the test parameter. | | | | | |
| CVE-2022-29727 | 1 Surveysparrow | 1 Enterprise Survey Software | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter. | | | | | |
| CVE-2022-29711 | 1 Librenms | 1 Librenms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php. | | | | | |
| CVE-2022-29710 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin. | | | | | |
| CVE-2022-29653 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json. | | | | | |
| CVE-2022-29649 | 1 Qsmart Next Project | 1 Qsmart Next | 2024-11-21 | N/A | 6.1 MEDIUM |
| Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability. | | | | | |
| CVE-2022-29648 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. | | | | | |
| CVE-2022-29628 | 1 Online Market Place Site Project | 1 Online Market Place Site | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page parameter. | | | | | |
| CVE-2022-29618 | 1 Sap | 1 Netweaver Development Infrastructure | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | | | | | |
| CVE-2022-29610 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack. | | | | | |
| CVE-2022-29602 | 1 Grid Elements Project | 1 Grid Elements | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The gridelements (aka Grid Elements) extension through 7.6.1, 8.x through 8.7.0, 9.x through 9.7.0, and 10.x through 10.2.0 for TYPO3 allows XSS. | | | | | |
| CVE-2022-29598 | 1 Solutions-atlantic | 1 Regulatory Reporting System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to a reflected Cross-Site Scripting (XSS) vulnerability via RRSWeb/maint/ShowDocument/ShowDocument.aspx. | | | | | |
| CVE-2022-29589 | 1 Crypt-server Project | 1 Crypt-server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Crypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and username. | | | | | |
| CVE-2022-29584 | 1 Mahara | 1 Mahara | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action. | | | | | |
| CVE-2022-29577 | 2 Antisamy Project, Oracle | 3 Antisamy, Enterprise Manager Base Platform, Weblogic Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367. | | | | | |
| CVE-2022-29548 | 1 Wso2 | 9 Api Manager, Api Manager Analytics, Api Microgateway and 6 more | 2024-11-21 | 4.3 MEDIUM | 4.6 MEDIUM |
| A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro ... | | | | | |
| CVE-2022-29540 | 1 Resi | 1 Gemini-net | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints, | | | | | |
| CVE-2022-29533 | 1 Misp | 1 Misp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page." | | | | | |
| CVE-2022-29532 | 1 Misp | 1 Misp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it. | | | | | |
| CVE-2022-29531 | 1 Misp | 1 Misp | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name. | | | | | |
| CVE-2022-29530 | 1 Misp | 1 Misp | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters. | | | | | |
| CVE-2022-29529 | 1 Misp | 1 Misp | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field. | | | | | |
| CVE-2022-29513 | 1 Cybozu | 1 Garoon | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script. | | | | | |
| CVE-2022-29487 | 1 Cybozu | 1 Office | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors. | | | | | |
| CVE-2022-29485 | 1 Ss-proj | 1 Shirasagi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. | | | | | |
| CVE-2022-29476 | 1 8degreethemes | 1 Notification Bar | 2024-11-21 | N/A | 6.1 MEDIUM |
| Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 Degree Themes Notification Bar for WordPress plugin <= 1.1.8 at WordPress. | | | | | |
| CVE-2022-29455 | 1 Elementor | 1 Website Builder | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
| DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions. | | | | | |