Total
44294 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-23907 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 6.1 Medium |
| CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage. | ||||
| CVE-2022-23903 | 1 Pearadmin | 1 Pear Admin Think | 2024-11-21 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think <=5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent. | ||||
| CVE-2022-23896 | 1 Admidio | 1 Admidio | 2024-11-21 | 5.4 Medium |
| Admidio 4.1.2 version is affected by stored cross-site scripting (XSS). | ||||
| CVE-2022-23872 | 1 Emlog | 1 Emlog | 2024-11-21 | 4.8 Medium |
| Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info. | ||||
| CVE-2022-23871 | 1 Gibbonedu | 1 Gibbon | 2024-11-21 | 5.4 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitrary web scripts or HTML via a crafted payload insterted into the name, category, description parameters. | ||||
| CVE-2022-23733 | 1 Github | 1 Enterprise Server | 2024-11-21 | 5.4 Medium |
| A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2022-23713 | 1 Elastic | 1 Kibana | 2024-11-21 | 6.1 Medium |
| A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser. | ||||
| CVE-2022-23710 | 1 Elastic | 1 Kibana | 2024-11-21 | 6.1 Medium |
| A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser. | ||||
| CVE-2022-23707 | 1 Elastic | 1 Kibana | 2024-11-21 | 5.4 Medium |
| An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users | ||||
| CVE-2022-23706 | 1 Hp | 1 Oneview | 2024-11-21 | 6.1 Medium |
| A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. | ||||
| CVE-2022-23697 | 1 Hp | 1 Oneview | 2024-11-21 | 6.1 Medium |
| A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. | ||||
| CVE-2022-23675 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 4.8 Medium |
| A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2022-23674 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 5.4 Medium |
| A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2022-23659 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 6.1 Medium |
| A remote reflected cross site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2022-23438 | 1 Fortinet | 1 Fortios | 2024-11-21 | 4.7 Medium |
| An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page. | ||||
| CVE-2022-23397 | 1 Cedargate | 1 Ez-net Portal | 2024-11-21 | 6.1 Medium |
| The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. NOTE: the vendor disputes this because the ado.im reference has "no clear steps of reproduction." | ||||
| CVE-2022-23391 | 1 Pybbs Project | 1 Pybbs | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Search box. | ||||
| CVE-2022-23378 | 1 Tastyigniter | 1 Tastyigniter | 2024-11-21 | 5.4 Medium |
| A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The "items%5B0%5D%5Bpath%5D" parameter of a request made to /admin/allergens/edit/1 is vulnerable. | ||||
| CVE-2022-23376 | 1 Wikidocs | 1 Wikidocs | 2024-11-21 | 6.1 Medium |
| WikiDocs version 0.1.18 has multiple reflected XSS vulnerabilities on different pages. | ||||
| CVE-2022-23367 | 1 Fulusso Project | 1 Fulusso | 2024-11-21 | 6.1 Medium |
| Fulusso v1.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in /BindAccount/SuccessTips.js. This vulnerability allows attackers to inject malicious code into a victim user's device via open redirection. | ||||