Total
44297 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-28717 | 1 Meikyo | 30 Poe Boot Nino Poe8m2, Poe Boot Nino Poe8m2 Firmware, Pose Se10-8a7b1 and 27 more | 2024-11-21 | 4.8 Medium |
| Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter(PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler(TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A, and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter(POSE SE10-8A7B1 firmware version 1.00A to 1.20A) allows a remote attacker with the administrative privilege to inject an arbitrary script via unspecified vectors. | ||||
| CVE-2022-28716 | 1 F5 | 3 Big-ip Advanced Firewall Manager, Big-ip Carrier-grade Nat, Big-ip Policy Enforcement Manager | 2024-11-21 | 7.5 High |
| On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2022-28715 | 1 Cybozu | 1 Office | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors. | ||||
| CVE-2022-28707 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 8 High |
| On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility (also referred to as the BIG-IP TMUI) that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2022-28650 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 7.3 High |
| In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI | ||||
| CVE-2022-28648 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.7 Medium |
| In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered | ||||
| CVE-2022-28624 | 1 Hpe | 4 Flexfabric 5945, Flexfabric 5945 Firmware, Flexnetwork 5130 Ei and 1 more | 2024-11-21 | 4.8 Medium |
| A potential security vulnerability has been identified in certain HPE FlexNetwork and FlexFabric switch products. The vulnerability could be remotely exploited to allow cross site scripting (XSS). HPE has made the following software updates to resolve the vulnerability. HPE FlexNetwork 5130EL_7.10.R3507P02 and HPE FlexFabric 5945_7.10.R6635. | ||||
| CVE-2022-28599 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack. | ||||
| CVE-2022-28598 | 1 Frappe | 1 Erpnext | 2024-11-21 | 6.1 Medium |
| Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. | ||||
| CVE-2022-28589 | 1 Pixelimity | 1 Pixelimity | 2024-11-21 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=add_new | ||||
| CVE-2022-28588 | 1 Springbootmovie Project | 1 Springbootmovie | 2024-11-21 | 5.4 Medium |
| In SpringBootMovie <=1.2 when adding movie names, malicious code can be stored because there are no filtering parameters, resulting in stored XSS. | ||||
| CVE-2022-28586 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 6.1 Medium |
| XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars. | ||||
| CVE-2022-28545 | 1 Fudforum | 1 Fudforum | 2024-11-21 | 5.4 Medium |
| FUDforum 3.1.1 is vulnerable to Stored XSS. | ||||
| CVE-2022-28522 | 1 Zcms Project | 1 Zcms | 2024-11-21 | 5.4 Medium |
| ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add. | ||||
| CVE-2022-28508 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 6.1 Medium |
| An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. | ||||
| CVE-2022-28507 | 1 Bdt-121 Project | 2 Bdt-121, Bdt-121 Firmware | 2024-11-21 | 4.8 Medium |
| Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 is vulnerable to Cross Site Scripting (XSS) via Dragon path router admin page. | ||||
| CVE-2022-28479 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 4.8 Medium |
| SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menu | ||||
| CVE-2022-28477 | 1 Wbce | 1 Wbce Cms | 2024-11-21 | 6.1 Medium |
| WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2022-28464 | 1 Apifox | 1 Apifox | 2024-11-21 | 9.0 Critical |
| Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execution. | ||||
| CVE-2022-28454 | 1 Limbas | 1 Limbas | 2024-11-21 | 6.1 Medium |
| Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS). | ||||