Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29096 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 3.5 LOW | 6.1 MEDIUM |
|
Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
|
|||||
| CVE-2022-29095 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-11-21 | 7.6 HIGH | 8.3 HIGH |
|
Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system.
|
|||||
| CVE-2022-29091 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
|
|||||
| CVE-2022-29057 | 1 Fortinet | 1 Fortiedr | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload into the Management Console via various endpoints.
|
|||||
| CVE-2022-29049 | 1 Jenkins | 1 Promoted Builds | 2024-11-21 | 4.0 MEDIUM | 5.4 MEDIUM |
|
Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion with an unsafe name.
|
|||||
| CVE-2022-29046 | 2 Apple, Jenkins | 2 Macos, Subversion | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-29045 | 1 Jenkins | 1 Promoted Builds | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-29044 | 1 Jenkins | 1 Node And Label Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of Node and Label parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-29043 | 1 Jenkins | 1 Mask Passwords | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-29042 | 1 Jenkins | 1 Job Generator | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-29041 | 1 Jenkins | 1 Jira | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-29040 | 1 Jenkins | 1 Git Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-29039 | 1 Jenkins | 1 Gerrit Trigger | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-29038 | 1 Jenkins | 1 Extended Choice Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-29037 | 1 Jenkins | 1 Cvs | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-29036 | 1 Jenkins | 1 Credentials | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2022-29034 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code.
This could allow attackers to perform reflected cross-site scripting (XSS) attacks.
|
|||||
| CVE-2022-29020 | 1 Forestblog Project | 1 Forestblog | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar.
|
|||||
| CVE-2022-29005 | 1 Phpgurukul | 1 Online Birth Certificate System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters.
|
|||||
| CVE-2022-29004 | 1 Phpgurukul | 1 E-diary Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.
|
|||||
| CVE-2022-28985 | 1 Orangehrm | 1 Orangehrm | 2024-11-21 | 3.5 LOW | 6.3 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in the addNewPost component of OrangeHRM v4.10.1 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.
|
|||||
| CVE-2022-28959 | 1 Spip | 1 Spip | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML.
|
|||||
| CVE-2022-28920 | 1 Moecraft | 1 Tieba-cloud-sign | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting (XSS) vulnerability via the function strip_tags.
|
|||||
| CVE-2022-28919 | 2 Dokuwiki, Fedoraproject | 2 Dokuwiki, Fedora | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename.
|
|||||
| CVE-2022-28867 | 1 Nokia | 1 Netact | 2024-11-21 | N/A | 5.4 MEDIUM |
|
An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templa ...
Show More |
|||||
| CVE-2022-28865 | 1 Nokia | 1 Netact | 2024-11-21 | N/A | 5.4 MEDIUM |
|
An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used.
|
|||||
| CVE-2022-28851 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
|
|||||
| CVE-2022-28820 | 1 Adobe | 1 Acs Aem Commons | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
ACS Commons version 5.1.x (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in /apps/acs-commons/content/page-compare.html endpoint via the a and b GET parameters. User input submitted via these parameters is not validated or sanitised. An attacker must provide a link to someone with access to AEM Author, and could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim ...
Show More |
|||||
| CVE-2022-28818 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
|
|||||
| CVE-2022-28816 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2024-11-21 | N/A | 6.1 MEDIUM |
|
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service.
|
|||||
| CVE-2022-28803 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR).
|
|||||
| CVE-2022-28770 | 1 Sap | 1 Sapui5 Library | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Due to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
|
|||||
| CVE-2022-28732 | 1 Apache | 1 Jspwiki | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.
|
|||||
| CVE-2022-28730 | 1 Apache | 1 Jspwiki | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce plugin dangerously renders user-supplied URLs. Upon re-testing CVE-2021-40369, it appears that the patch was incomplete as it was still possible to insert malicious input via the Denounce plugin. Apache JS ...
Show More |
|||||
| CVE-2022-28717 | 1 Meikyo | 30 Poe Boot Nino Poe8m2, Poe Boot Nino Poe8m2 Firmware, Pose Se10-8a7b1 and 27 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HS ...
Show More |
|||||
| CVE-2022-28716 | 1 F5 | 3 Big-ip Advanced Firewall Manager, Big-ip Carrier-grade Nat, Big-ip Policy Enforcement Manager | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
|
On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluate ...
Show More |
|||||
| CVE-2022-28715 | 1 Cybozu | 1 Office | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
|
|||||
| CVE-2022-28712 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 9.0 CRITICAL |
|
A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.
|
|||||
| CVE-2022-28707 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 3.5 LOW | 8.0 HIGH |
|
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility (also referred to as the BIG-IP TMUI) that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
|
|||||
| CVE-2022-28703 | 1 Lansweeper | 1 Lansweeper | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability.
|
|||||