Total
44409 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34173 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 5.4 Medium |
| In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | ||||
| CVE-2022-34172 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 5.4 Medium |
| In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2022-34171 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 5.4 Medium |
| In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping, resulting in a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2022-34170 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 5.4 Medium |
| In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | ||||
| CVE-2022-34167 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 5.4 Medium |
| IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229432. | ||||
| CVE-2022-34166 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 5.4 Medium |
| IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229430. | ||||
| CVE-2022-34163 | 1 Ibm | 1 Cics Tx | 2024-11-21 | 6.1 Medium |
| IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333. | ||||
| CVE-2022-34160 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 5.4 Medium |
| IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330. | ||||
| CVE-2022-34140 | 1 Feehi | 1 Feehi Cms | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field. | ||||
| CVE-2022-34094 | 1 Softwarepublico | 1 I3geo | 2024-11-21 | 6.1 Medium |
| Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php. | ||||
| CVE-2022-34093 | 1 Softwarepublico | 1 I3geo | 2024-11-21 | 6.1 Medium |
| Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php. | ||||
| CVE-2022-34092 | 1 Softwarepublico | 1 I3geo | 2024-11-21 | 6.1 Medium |
| Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php. | ||||
| CVE-2022-34048 | 1 Wavlink | 2 Wn533a8, Wn533a8 Firmware | 2024-11-21 | 6.1 Medium |
| Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter. | ||||
| CVE-2022-34025 | 1 Vestacp | 1 Vesta Control Panel | 2024-11-21 | 6.1 Medium |
| Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the post function at /web/api/v1/upload/UploadHandler.php. | ||||
| CVE-2022-34009 | 2 Fossil-scm, Microsoft | 2 Fossil, Windows | 2024-11-21 | 5.5 Medium |
| Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. This occurs because the ticket data is stored in a temporary file, and the product does not properly handle the absence of this file after Windows Defender has flagged it as malware. | ||||
| CVE-2022-34007 | 1 Eqs | 1 Integrity Line | 2024-11-21 | 6.1 Medium |
| EQS Integrity Line Professional through 2022-07-01 allows a stored XSS via a crafted whistleblower entry. | ||||
| CVE-2022-33994 | 1 Gutenberg Project | 1 Gutenberg | 2024-11-21 | 3.0 Low |
| The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators. | ||||
| CVE-2022-33935 | 1 Dell | 1 Emc Data Protection Advisor | 2024-11-21 | 5.4 Medium |
| Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | ||||
| CVE-2022-33929 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 6.1 Medium |
| Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in EndUserSummary page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | ||||
| CVE-2022-33910 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 5.4 Medium |
| An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScript code to execute. | ||||