Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24374 | 1 Appleple | 1 A-blog Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-23916.
|
|||||
| CVE-2022-24347 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon.
|
|||||
| CVE-2022-24344 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page.
|
|||||
| CVE-2022-24339 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.
|
|||||
| CVE-2022-24338 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.
|
|||||
| CVE-2022-24238 | 1 Aceware | 1 Aceweb Online Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp.
|
|||||
| CVE-2022-24229 | 1 Onlyoffice | 1 Document Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers to inject arbitrary HTML or JavaScript through /example/editor.
|
|||||
| CVE-2022-24181 | 1 Public Knowledge Project | 1 Open Journal Systems | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header.
|
|||||
| CVE-2022-24177 | 1 Exlibrisgroup | 1 Aleph 500 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej.cgi of Ex libris ALEPH 500 v18.1 and v20 allows attackers to execute arbitrary web scripts or HTML.
|
|||||
| CVE-2022-24135 | 1 Qingscan Project | 1 Qingscan | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability in all search functions.
|
|||||
| CVE-2022-24131 | 1 Douco | 1 Douphp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution.
|
|||||
| CVE-2022-24127 | 1 Vanderbilt | 1 Redcap | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title (app_title) field when editing an existing project. The payload is then reflected within the title tag of the page.
|
|||||
| CVE-2022-24123 | 1 Marktext | 1 Marktext | 2024-11-21 | 6.8 MEDIUM | 9.0 CRITICAL |
|
MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting (XSS) payload.
|
|||||
| CVE-2022-24004 | 1 Vanderbilt | 1 Redcap | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title (aka new_title) field when editing an existing conversation. The payload executes in the browser of any conversation participant with the sidebar shown.
|
|||||
| CVE-2022-23993 | 1 Pfsense | 2 Pfsense, Pfsense Plus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS.
|
|||||
| CVE-2022-23988 | 1 Westguardsolutions | 1 Ws Form | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing unauthenticated attacker to submit XSS payloads which will get executed when a privileged user will view the related submission
|
|||||
| CVE-2022-23987 | 1 Westguardsolutions | 1 Ws Form | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
|
|||||
| CVE-2022-23980 | 1 Yet Another Stars Rating Project | 1 Yet Another Stars Rating | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet Another Stars Rating WordPress plugin (versions <= 2.9.9), vulnerable at parameter 'source'.
|
|||||
| CVE-2022-23916 | 1 Appleple | 1 A-blog Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-24374.
|
|||||
| CVE-2022-23912 | 1 Accesspressthemes | 1 Ap Custom Testimonial | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting
|
|||||
| CVE-2022-23907 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage.
|
|||||
| CVE-2022-23903 | 1 Pearadmin | 1 Pear Admin Think | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think <=5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent.
|
|||||
| CVE-2022-23896 | 1 Admidio | 1 Admidio | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Admidio 4.1.2 version is affected by stored cross-site scripting (XSS).
|
|||||
| CVE-2022-23872 | 1 Emlog | 1 Emlog | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info.
|
|||||
| CVE-2022-23871 | 1 Gibbonedu | 1 Gibbon | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the name, category, description parameters.
|
|||||
| CVE-2022-23801 | 1 Joomla | 1 Joomla! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS attack vector through SVG embedding in com_media.
|
|||||
| CVE-2022-23800 | 1 Joomla | 1 Joomla! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components.
|
|||||
| CVE-2022-23796 | 1 Joomla | 1 Joomla! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields.
|
|||||
| CVE-2022-23791 | 1 Firmanet | 1 Customer Relation Manager | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS). This issue affects Customer Relation Manager: before 2022.03.13.
|
|||||
| CVE-2022-23790 | 1 Firmanet | 1 Technology Customer Relation Manager | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS). This issue affects Customer Relation Manager: before 2022.03.13.
|
|||||
| CVE-2022-23733 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program.
|
|||||
| CVE-2022-23713 | 1 Elastic | 1 Kibana | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser.
|
|||||
| CVE-2022-23710 | 1 Elastic | 1 Kibana | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser.
|
|||||
| CVE-2022-23707 | 1 Elastic | 1 Kibana | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users
|
|||||
| CVE-2022-23706 | 1 Hp | 1 Oneview | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
|
|||||
| CVE-2022-23697 | 1 Hp | 1 Oneview | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
|
|||||
| CVE-2022-23675 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
|
|||||
| CVE-2022-23674 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
|
|||||
| CVE-2022-23659 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A remote reflected cross site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
|
|||||
| CVE-2022-23656 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 3.5 LOW | 4.6 MEDIUM |
|
Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several participants; a victim who then opens an overflow tooltip including this full name on the recent topics page could trigger execution of JavaScript code controlled by the attacker. Users running a Zulip ...
|
|||||