Total: 44433 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40440 | 1 Jgraph | 1 Mxgraph | 2024-11-21 | 6.1 Medium |
| mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the setTooltips() function. | ||||
| CVE-2022-40365 | 1 Gocron Project | 1 Gocron | 2024-11-21 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5.3, allows attackers to execute arbitrary code via scope.row.hostname in web/vue/src/pages/taskLog/list.vue. | ||||
| CVE-2022-40325 | 1 Sysaid | 1 Help Desk | 2024-11-21 | 6.1 Medium |
| SysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, aka FR# 67262. | ||||
| CVE-2022-40324 | 1 Sysaid | 1 Help Desk | 2024-11-21 | 6.1 Medium |
| SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR# 67258. | ||||
| CVE-2022-40323 | 1 Sysaid | 1 Help Desk | 2024-11-21 | 6.1 Medium |
| SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241. | ||||
| CVE-2022-40322 | 1 Sysaid | 1 Help Desk | 2024-11-21 | 6.1 Medium |
| SysAid Help Desk before 22.1.65 allows XSS, aka FR# 66542 and 65579. | ||||
| CVE-2022-40317 | 1 Openkm | 1 Openkm | 2024-11-21 | 5.4 Medium |
| OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element. | ||||
| CVE-2022-40257 | 1 Cert | 1 Vince | 2024-11-21 | 5.4 Medium |
| An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field. | ||||
| CVE-2022-40248 | 1 Cert | 1 Vince | 2024-11-21 | 5.4 Medium |
| An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via form using the "Product Affected" field. | ||||
| CVE-2022-40209 | 1 Xylusthemes | 1 Wp Smart Import | 2024-11-21 | 6.1 Medium |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xylus Themes WP Smart Import plugin <= 1.0.2 on WordPress. | ||||
| CVE-2022-40181 | 1 Siemens | 20 Desigo Pxm30-1, Desigo Pxm30-1 Firmware, Desigo Pxm30.e and 17 more | 2024-11-21 | 8.3 High |
| A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). The device embedded browser does not prevent interaction with alternative URI schemes when redirected to corresponding resources by web application code. By setting the homepage URI, the favorite URIs, or redirecting embedded browser users via JavaScript code to alternative scheme resources, a remote low privileged attacker can perform a range of attacks against the device, such as read arbitrary files on the filesystem, execute arbitrary JavaScript code in order to steal or manipulate the information on the screen, or trigger denial of service conditions. | ||||
| CVE-2022-40178 | 1 Siemens | 20 Desigo Pxm30-1, Desigo Pxm30-1 Firmware, Desigo Pxm30.e and 17 more | 2024-11-21 | 5.4 Medium |
| A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). Improper Neutralization of Input During Web Page Generation exists in the “Import Files” functionality of the “Operation” web application, due to the missing validation of the titles of files included in the input package. By uploading a specifically crafted graphics package, a remote low-privileged attacker can execute arbitrary JavaScript code. | ||||
| CVE-2022-40047 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 5.4 Medium |
| Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php. | ||||
| CVE-2022-3968 | 1 Emlog | 1 Emlog | 2024-11-21 | 3.5 Low |
| A vulnerability has been found in emlog and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/article_save.php. The manipulation of the argument tag leads to cross site scripting. The attack can be launched remotely. The name of the patch is 5bf7a79826e0ea09bcc8a21f69a0c74107761a02. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213547. | ||||
| CVE-2022-3950 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9b1c94aea2d84478bf26283904c21e4ca2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213456. | ||||
| CVE-2022-3844 | 1 Webmin | 1 Webmin | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to address this issue. The patch is identified as d3d33af3c0c3fd3a889c84e287a038b7a457d811. It is recommended to upgrade the affected component. VDB-212862 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-3716 | 1 Oretnom23 | 1 Online Medicine Ordering System | 2024-11-21 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Online Medicine Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /omos/admin/?page=user/list. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-212347. | ||||
| CVE-2022-3704 | 1 Rubyonrails | 1 Rails | 2024-11-21 | 3.5 Low |
| A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is be177e4566747b73ff63fd5f529fab564e475ed4. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212319. NOTE: Maintainer declares that there isn’t a valid attack vector. The issue was wrongly reported as a security vulnerability by a non-member of the Rails team. | ||||
| CVE-2022-3587 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2024-11-21 | 3.5 Low |
| A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component My Account. The manipulation of the argument First Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211201 was assigned to this vulnerability. | ||||
| CVE-2022-3581 | 1 Oretnom23 | 1 Cashier Queuing System | 2024-11-21 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the component Cashiers Tab. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-211188. | ||||