Total
44422 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-37153 | 1 Articatech | 1 Artica Proxy | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php. | ||||
| CVE-2022-37150 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulnerability via firstname, address, middlename, lastname , gender, email, contact parameters. | ||||
| CVE-2022-37059 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field | ||||
| CVE-2022-37044 | 1 Zimbra | 1 Collaboration | 2024-11-21 | 6.1 Medium |
| In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine. | ||||
| CVE-2022-36967 | 1 Progress | 1 Ipswitch Ws Ftp Server | 2024-11-21 | 6.1 Medium |
| In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator's web session. This would allow the attacker to execute code within the context of the victim's browser. | ||||
| CVE-2022-36948 | 1 Veritas | 1 Netbackup | 2024-11-21 | 5.4 Medium |
| In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | ||||
| CVE-2022-36922 | 1 Jenkins | 1 Lucene-search | 2024-11-21 | 6.1 Medium |
| Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS) vulnerability. | ||||
| CVE-2022-36905 | 1 Jenkins | 1 Maven Metadata | 2024-11-21 | 5.4 Medium |
| Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-36902 | 1 Jenkins | 1 Dynamic Extended Choice Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-36880 | 1 Webmin | 2 Usermin, Webmin | 2024-11-21 | 6.1 Medium |
| The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message. | ||||
| CVE-2022-36859 | 1 Samsung | 1 Smarttagplugin | 2024-11-21 | 5.7 Medium |
| Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victim's devices. | ||||
| CVE-2022-36801 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 6.1 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8. | ||||
| CVE-2022-36778 | 1 Synel | 1 Eharmony | 2024-11-21 | 6.5 Medium |
| insert HTML / js code inside input how to get to the vulnerable input : Workers > worker nickname > inject in this input the code. | ||||
| CVE-2022-36748 | 1 Picuploader Project | 1 Picuploader | 2024-11-21 | 6.1 Medium |
| PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /master/index.php. | ||||
| CVE-2022-36747 | 1 Cobub | 1 Razor | 2024-11-21 | 6.1 Medium |
| Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the function uploadchannel(). | ||||
| CVE-2022-36746 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.1 Medium |
| LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php. | ||||
| CVE-2022-36745 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.1 Medium |
| LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component print-customoid.php. | ||||
| CVE-2022-36668 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | 5.4 Medium |
| Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. The vulnerabilities exist during creating or editing the parts under parameters. Using the XSS payload, the Stored XSS triggered and can be used for further attack vector. | ||||
| CVE-2022-36657 | 1 Library Management System Project | 1 Library Management System | 2024-11-21 | 4.8 Medium |
| Library Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /librarian/edit_book_details.php. | ||||
| CVE-2022-36639 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | ||||