Total: 42233 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-28650 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 3.5 LOW | 7.3 HIGH | In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI |
| CVE-2022-28648 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 3.5 LOW | 5.7 MEDIUM | In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered |
| CVE-2022-28624 | 1 Hpe | 4 Flexfabric 5945, Flexfabric 5945 Firmware, Flexnetwork 5130 Ei and 1 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | A potential security vulnerability has been identified in certain HPE FlexNetwork and FlexFabric switch products. The vulnerability could be remotely exploited to allow cross site scripting (XSS). HPE has made the following software updates to resolve the vulnerability. HPE FlexNetwork 5130EL_7.10.R3507P02 and HPE FlexFabric 5945_7.10.R6635. |
| CVE-2022-28612 | 1 Custom Popup Builder Project | 1 Custom Popup Builder | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 at WordPress. |
| CVE-2022-28599 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack. |
| CVE-2022-28598 | 1 Frappe | 1 Erpnext | 2024-11-21 | N/A | 6.1 MEDIUM | Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CVE-2022-28589 | 1 Pixelimity | 1 Pixelimity | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=add_new |
| CVE-2022-28588 | 1 Springbootmovie Project | 1 Springbootmovie | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | In SpringBootMovie <=1.2 when adding movie names, malicious code can be stored because there are no filtering parameters, resulting in stored XSS. |
| CVE-2022-28586 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars. |
| CVE-2022-28545 | 1 Fudforum | 1 Fudforum | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | FUDforum 3.1.1 is vulnerable to Stored XSS. |
| CVE-2022-28522 | 1 Zcms Project | 1 Zcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add. |
| CVE-2022-28508 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. |
| CVE-2022-28507 | 1 Bdt-121 Project | 2 Bdt-121, Bdt-121 Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 is vulnerable to Cross Site Scripting (XSS) via Dragon path router admin page. |
| CVE-2022-28479 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menu |
| CVE-2022-28477 | 1 Wbce | 1 Wbce Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2022-28464 | 1 Apifox | 1 Apifox | 2024-11-21 | 6.0 MEDIUM | 9.0 CRITICAL | Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execution. |
| CVE-2022-28454 | 1 Limbas | 1 Limbas | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2022-28450 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser. |
| CVE-2022-28449 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At Apply for vendor account feature, an attacker can upload an arbitrary file to the system. |
| CVE-2022-28448 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject javascript code to First name or Last name at Customer Info. |
| CVE-2022-28379 | 1 Nginxproxymanager | 1 Nginx Proxy Manager | 2024-11-21 | 3.5 LOW | 6.8 MEDIUM | jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion. |
| CVE-2022-28378 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Craft CMS before 3.7.29 allows XSS. |
| CVE-2022-28368 | 1 Dompdf Project | 1 Dompdf | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file). |
| CVE-2022-28367 | 1 Antisamy Project | 1 Antisamy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. |
| CVE-2022-28290 | 1 Welaunch | 1 Wordpress Country Selector | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request |
| CVE-2022-28222 | 1 Cleantalk | 1 Antispam | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in `/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php` |
| CVE-2022-28221 | 1 Cleantalk | 1 Antispam | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in `/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Comments.php` |
| CVE-2022-28216 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network. On successful exploitation, an attacker can access certain reports causing a limited impact on confidentiality of the application data. |
| CVE-2022-28202 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete. |
| CVE-2022-28172 | 1 Hikvision | 22 Ds-a71024, Ds-a71024 Firmware, Ds-a71048 and 19 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to XSS attack by sending messages with malicious commands to the affected device. |
| CVE-2022-28159 | 1 Jenkins | 1 Tests Selector | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2022-28153 | 1 Jenkins | 1 Sitemonitor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2022-28149 | 1 Jenkins | 1 Job And Node Ownership | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2022-28145 | 1 Jenkins | 1 Continuous Integration With Toad Edge | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) exploitable by attackers with Item/Configure permission or otherwise able to control report contents. |
| CVE-2022-28133 | 1 Jenkins | 1 Bitbucket Server Integration | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumers. |
| CVE-2022-28102 | 1 Php Mysql Admin Panel Generator Project | 1 Php Mysql Admin Panel Generator | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php. |
| CVE-2022-28101 | 1 Lyonbros | 1 Turtl | 2024-11-21 | 6.0 MEDIUM | 9.0 CRITICAL | Turtlapp Turtle Note v0.7.2.6 does not filter the `<meta>` tag during markdown parsing, allowing attackers to execute HTML injection. |
| CVE-2022-28094 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the fid parameter at booking.php. |
| CVE-2022-28081 | 1 Ar-php | 1 Arphp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A reflected cross-site scripting (XSS) vulnerability in the component Query.php of arPHP v3.6.0 allows attackers to execute arbitrary web scripts. |
| CVE-2022-28078 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] parameter. |