Total: 44414 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-35194 | 1 Testlink | 1 Testlink | 2024-11-21 | 5.4 Medium |
| TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php. | ||||
| CVE-2022-35174 | 1 Getkirby | 1 Starterkit | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Kirby's Starterkit v3.7.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tags field. | ||||
| CVE-2022-35172 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 6.1 Medium |
| SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2022-35170 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 6.1 Medium |
| SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data. | ||||
| CVE-2022-35163 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2024-11-21 | 4.8 Medium |
| Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the U_NAME parameter at /category/controller.php?action=edit. | ||||
| CVE-2022-35162 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2024-11-21 | 4.8 Medium |
| Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the CATEGORY parameter at /category/controller.php?action=edit. | ||||
| CVE-2022-35151 | 1 Keking | 1 Kkfileview | 2024-11-21 | 6.1 Medium |
| kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. | ||||
| CVE-2022-35144 | 1 Raneto Project | 1 Raneto | 2024-11-21 | 4.8 Medium |
| Raneto v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2022-35133 | 1 Cherrytree Project | 1 Cherrytree | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node. | ||||
| CVE-2022-35131 | 1 Joplinapp | 1 Joplin | 2024-11-21 | 9.0 Critical |
| Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles. | ||||
| CVE-2022-35118 | 1 Pyrocms | 1 Pyrocms | 2024-11-21 | 6.1 Medium |
| PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. | ||||
| CVE-2022-35117 | 1 Oretnom23 | 1 Clinic's Patient Management System | 2024-11-21 | 4.8 Medium |
| Clinic's Patient Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via update_medicine_details.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Packing text box under the Update Medical Details module. | ||||
| CVE-2022-34991 | 1 Techvill | 1 Paymoney | 2024-11-21 | 5.4 Medium |
| Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the first_name and last_name parameters. | ||||
| CVE-2022-34988 | 1 Inoutscripts | 1 Blockchain Altexchanger | 2024-11-21 | 5.4 Medium |
| Inout Blockchain AltExchanger v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/js. | ||||
| CVE-2022-34966 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | 7.5 High |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home. | ||||
| CVE-2022-34964 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | 4.8 Medium |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the SitePages module. | ||||
| CVE-2022-34963 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | 5.4 Medium |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module. | ||||
| CVE-2022-34962 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | 5.4 Medium |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module. | ||||
| CVE-2022-34961 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | 5.4 Medium |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module. | ||||
| CVE-2022-34911 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 6.1 Medium |
| An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). | ||||