Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26874 | 2 Debian, Horde | 2 Debian Linux, Horde Mime Viewer | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering.
|
|||||
| CVE-2022-26866 | 1 Dell | 1 Powerstoreos | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
|
Dell PowerStore Versions before v2.1.1.0. contains a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session ...
Show More |
|||||
| CVE-2022-26842 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 9.6 CRITICAL |
|
A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.
|
|||||
| CVE-2022-26673 | 1 Asus | 2 Rt-ax88u, Rt-ax88u Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform Stored Cross-Site Scripting (XSS) attacks.
|
|||||
| CVE-2022-26624 | 1 Ecommerce Codeigniter Bootstrap Project | 1 Ecommerce Codeigniter Bootstrap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php.
|
|||||
| CVE-2022-26616 | 1 Public Knowledge Project | 1 Open Journal Systems | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to perform reflected cross-site scripting (XSS) attacks via crafted HTTP headers.
|
|||||
| CVE-2022-26615 | 1 College Website Content Management System Project | 1 College Website Content Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Profile Name text fields.
|
|||||
| CVE-2022-26597 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Layout module's Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the site name.
|
|||||
| CVE-2022-26596 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via web content template names.
|
|||||
| CVE-2022-26594 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to (1) Forms module's form builder, or (2) App Builder module's object form view's form builder.
|
|||||
| CVE-2022-26593 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of a asset category.
|
|||||
| CVE-2022-26565 | 1 Totaljs | 1 Content Management System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Totaljs all versions before commit 95f54a5commit, allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page.
|
|||||
| CVE-2022-26564 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.
|
|||||
| CVE-2022-26555 | 1 Eova | 1 Eova | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in the Add a Button function of Eova v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the button name text box.
|
|||||
| CVE-2022-26497 | 1 Bigbluebutton | 1 Greenlight | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dialog if the victim has shared access to the particular room with the attacker previously.
|
|||||
| CVE-2022-26494 | 1 Primekey | 1 Signserver | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name.
|
|||||
| CVE-2022-26483 | 1 Veritas | 1 Infoscale Operations Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/listdir.pl allows authenticated remote administrators to inject arbitrary web script or HTML into an HTTP GET parameter (which reflect the user input without sanitization).
|
|||||
| CVE-2022-26375 | 1 Abpressoptimizer | 1 Ab Press Optimizer | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology AB Press Optimizer plugin <= 1.1.1 on WordPress.
|
|||||
| CVE-2022-26332 | 1 Cipi | 1 Cipi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field.
|
|||||
| CVE-2022-26331 | 1 Microfocus | 1 Arcsight Logger | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions.
|
|||||
| CVE-2022-26325 | 1 Microfocus | 1 Netiq Access Manager | 2024-11-21 | 4.3 MEDIUM | 2.9 LOW |
|
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2
|
|||||
| CVE-2022-26295 | 1 Online Project Time Management System Project | 1 Online Project Time Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user name field.
|
|||||
| CVE-2022-26263 | 1 Yonyou | 1 U8\+ | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp.
|
|||||
| CVE-2022-26255 | 1 Clash Project | 1 Clash | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column.
|
|||||
| CVE-2022-26246 | 1 Tms Project | 1 Tms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /TMS/admin/setting/mail/createorupdate.
|
|||||
| CVE-2022-26244 | 1 Hospital\'s Patient Records Management System Project | 1 Hospital\'s Patient Records Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "special" field.
|
|||||
| CVE-2022-26197 | 1 Joget | 1 Joget Dx | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table.
|
|||||
| CVE-2022-26155 | 1 Cherwell | 1 Cherwell Service Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body.
|
|||||
| CVE-2022-26146 | 1 Tricentis | 1 Qtest | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker.
|
|||||
| CVE-2022-26144 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is installed.
|
|||||
| CVE-2022-26114 | 1 Fortinet | 1 Fortimail | 2024-11-21 | N/A | 5.4 MEDIUM |
|
An improper neutralization of input during web page generation vulnerability [CWE-79] in the Webmail of FortiMail before 7.2.0 may allow an unauthenticated attacker to trigger a cross-site scripting (XSS) attack via sending specially crafted mail messages.
|
|||||
| CVE-2022-26105 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
|
|||||
| CVE-2022-26101 | 1 Sap | 1 Fiori Launchpad | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
|
|||||
| CVE-2022-25875 | 1 Svelte | 1 Svelte | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
|
The package svelte before 3.49.0 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is possible via objects with a custom toString() function.
|
|||||
| CVE-2022-25873 | 1 Vuetifyjs | 1 Vuetify | 2024-11-21 | N/A | 4.6 MEDIUM |
|
The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component.
|
|||||
| CVE-2022-25854 | 1 Tagify Project | 1 Tagify | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload.
|
|||||
| CVE-2022-25802 | 1 Bestpractical | 1 Request Tracker | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.
|
|||||
| CVE-2022-25784 | 1 Secomea | 18 Sitemanager 1129, Sitemanager 1129 Firmware, Sitemanager 1139 and 15 more | 2024-11-21 | 3.5 LOW | 9.1 CRITICAL |
|
Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7.
|
|||||
| CVE-2022-25781 | 1 Secomea | 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more | 2024-11-21 | 4.3 MEDIUM | 4.2 MEDIUM |
|
Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session.
|
|||||
| CVE-2022-25772 | 1 Acquia | 1 Mautic | 2024-11-21 | 4.3 MEDIUM | 9.6 CRITICAL |
|
A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript
|
|||||