Total: 42233 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28077 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter. | | | | | |
| CVE-2022-28074 | 1 Fit2cloud | 1 Halo | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html#/system/tools. | | | | | |
| CVE-2022-28051 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" versions 6.0.18 and 5.1.25 is prone to stored XSS, which allows an attacker to inject malicious JavaScript code. | | | | | |
| CVE-2022-27961 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box. | | | | | |
| CVE-2022-27920 | 2 Fedoraproject, Kiwix | 2 Fedora, Libkiwix | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0. | | | | | |
| CVE-2022-27914 | 1 Joomla | 1 Joomla! | 2024-11-21 | N/A | 6.1 MEDIUM |
| An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media. | | | | | |
| CVE-2022-27913 | 1 Joomla | 1 Joomla! | 2024-11-21 | N/A | 6.1 MEDIUM |
| An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components. | | | | | |
| CVE-2022-27910 | 1 Joomlatools | 1 Docman | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Joomla component 'Joomlatools - DOCman 3.5.13 (and likely most versions below)' is affected by a reflected Cross-Site Scripting (XSS) vulnerability in an image upload function. | | | | | |
| CVE-2022-27894 | 1 Palantir | 1 Foundry Blobster | 2024-11-21 | N/A | 4.8 MEDIUM |
| The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Foundry to launch attacks against other users. This vulnerability is resolved in Blobster 3.228.0. | | | | | |
| CVE-2022-27887 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter. | | | | | |
| CVE-2022-27886 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter. | | | | | |
| CVE-2022-27885 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters. | | | | | |
| CVE-2022-27884 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter. | | | | | |
| CVE-2022-27880 | 1 F5 | 1 Traffix Signaling Delivery Controller | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | | | | | |
| CVE-2022-27878 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2024-11-21 | 6.0 MEDIUM | 6.8 MEDIUM |
| On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | | | | | |
| CVE-2022-27860 | 1 Footer-text Project | 1 Footer-text | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge's Footer Text plugin <= 2.0.3 on WordPress. | | | | | |
| CVE-2022-27859 | 1 Nicdark | 1 Nd-travel | 2024-11-21 | 3.5 LOW | 4.1 MEDIUM |
| Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark d.o.o. Travel Management plugin <= 2.0 at WordPress. | | | | | |
| CVE-2022-27856 | 1 Atlasgondal | 1 Export All Urls | 2024-11-21 | N/A | 3.4 LOW |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Atlas Gondal Export All URLs plugin <= 4.1 versions. | | | | | |
| CVE-2022-27854 | 1 Psychological Tests & Quizzes Project | 1 Psychological Tests & Quizzes | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher role via &wpt_test_page_submit_button_caption parameter. | | | | | |
| CVE-2022-27853 | 1 Contest-gallery | 1 Contest Gallery | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13.1.0.9 | | | | | |
| CVE-2022-27852 | 1 Wpchill | 1 Kb Support | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5 versions. | | | | | |
| CVE-2022-27848 | 1 Webnus | 1 Modern Events Calendar Lite | 2024-11-21 | 3.5 LOW | 3.4 LOW |
| Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1 | | | | | |
| CVE-2022-27845 | 1 Plausible | 1 Plausible Analytics | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) in PlausibleHQ Plausible Analytics (WordPress plugin) <= 1.2.2 | | | | | |
| CVE-2022-27777 | 2 Debian, Rubyonrails | 2 Debian Linux, Actionpack | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. | | | | | |
| CVE-2022-27665 | 1 Progress | 1 Ws Ftp Server | 2024-11-21 | N/A | 6.1 MEDIUM |
| Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI. | | | | | |
| CVE-2022-27656 | 1 Sap | 3 Netweaver As Abap Kernel, Netweaver As Abap Krnl64uc, Webdispatcher | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | | | | | |
| CVE-2022-27637 | 1 Pukiwiki | 1 Pukiwiki | 2024-11-21 | N/A | 6.1 MEDIUM |
| Reflected cross-site scripting vulnerability in PukiWiki versions 1.5.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors. | | | | | |
| CVE-2022-27627 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser. | | | | | |
| CVE-2022-27561 | 1 Hcltech | 1 Traveler | 2024-11-21 | N/A | 7.5 HIGH |
| There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf). | | | | | |
| CVE-2022-27546 | 1 Hcltech | 2 Domino, Hcl Inotes | 2024-11-21 | N/A | 8.3 HIGH |
| HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials. | | | | | |
| CVE-2022-27545 | 1 Hcltech | 1 Bigfix Platform | 2024-11-21 | N/A | 4.6 MEDIUM |
| BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page. | | | | | |
| CVE-2022-27505 | 1 Citrix | 24 Sd-wan 1000, Sd-wan 1000 Firmware, Sd-wan 110 and 21 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross site scripting (XSS) | | | | | |
| CVE-2022-27503 | 1 Citrix | 1 Storefront Server | 2024-11-21 | 2.6 LOW | 6.1 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9 | | | | | |
| CVE-2022-27496 | 1 Zero-channel Plus Project | 1 Zero-channel Plus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors. | | | | | |
| CVE-2022-27476 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter. | | | | | |
| CVE-2022-27475 | 1 Hotel Management System Project | 1 Hotel Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system allows attackers to execute arbitrary code when /admin.php is loaded. | | | | | |
| CVE-2022-27462 | 1 Wwbn | 1 Avideo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptDevice parameter to view/include/head.php. | | | | | |
| CVE-2022-27441 | 1 Tpcms Project | 1 Tpcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box. | | | | | |
| CVE-2022-27436 | 1 Ecommerce-website Project | 1 Ecommerce-website | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_user at Ecommerce-Website v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username text field. | | | | | |
| CVE-2022-27428 | 1 Gallerycms Project | 1 Gallerycms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the album_name parameter. | | | | | |