Export limit exceeded: 45829 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45829 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36533 | 2 Linux, Syncovery | 2 Linux Kernel, Syncovery | 2024-11-21 | 5.4 Medium |
| Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2022-36530 | 1 Rageframe | 1 Rageframe | 2024-11-21 | 6.1 Medium |
| An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerability in the user agent related parameters of the info.php page. | ||||
| CVE-2022-36527 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 5.4 Medium |
| Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module. | ||||
| CVE-2022-36311 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2024-11-21 | 6.1 Medium |
| Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection leading to XSS in the SNMP community field in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models. | ||||
| CVE-2022-36305 | 1 Vestacp | 1 Vesta Control Panel | 2024-11-21 | 6.1 Medium |
| Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the body function at /web/api/v1/upload/UploadHandler.php. | ||||
| CVE-2022-36304 | 1 Vestacp | 1 Vesta Control Panel | 2024-11-21 | 6.1 Medium |
| Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the generate_response function at /web/api/v1/upload/UploadHandler.php. | ||||
| CVE-2022-36303 | 1 Vestacp | 1 Vesta Control Panel | 2024-11-21 | 6.1 Medium |
| Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the handle_file_upload function at /web/api/v1/upload/UploadHandler.php. | ||||
| CVE-2022-36277 | 1 Tcman | 1 Gim | 2024-11-21 | 6.5 Medium |
| The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks. | ||||
| CVE-2022-36266 | 1 Airspan | 2 Airspot 5410, Airspot 5410 Firmware | 2024-11-21 | 6.1 Medium |
| In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS payload that will be accepted and stored. A successful attack will results in the injection of malicious scripts into the user settings page. | ||||
| CVE-2022-36254 | 1 Hotel Management System Project | 1 Hotel Management System | 2024-11-21 | 5.4 Medium |
| Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname". | ||||
| CVE-2022-36251 | 1 Oretnom23 | 1 Clinic\'s Patient Management System | 2024-11-21 | 6.1 Medium |
| Clinic's Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients.php. | ||||
| CVE-2022-36203 | 1 Doctor\'s Appointment System Project | 1 Doctor\'s Appointment System | 2024-11-21 | 6.1 Medium |
| Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. In addition, it leads to takeover the administrator account by stealing the cookie via XSS. | ||||
| CVE-2022-36197 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | 5.4 Medium |
| BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file. | ||||
| CVE-2022-36194 | 1 Centreon | 1 Centreon | 2024-11-21 | 5.4 Medium |
| Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter. | ||||
| CVE-2022-36171 | 1 Mapgis | 1 Mapgis Igserver | 2024-11-21 | 8.1 High |
| MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion. | ||||
| CVE-2022-36170 | 1 Mapgis | 1 Igserver | 2024-11-21 | 8.8 High |
| MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of privileges and arbitrary file deletion. | ||||
| CVE-2022-36131 | 1 Midori-global | 1 Better Pdf Exporter | 2024-11-21 | 6.1 Medium |
| The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to stored XSS via a crafted description to the PDF Templates overview page. | ||||
| CVE-2022-35950 | 1 Oroinc | 1 Orocommerce | 2024-11-21 | 6.9 Medium |
| OroCommerce is an open-source Business to Business Commerce application. In versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 prior to 5.0.11, and 5.1.0 prior to 5.1.1, the JS payload added to the product name may be executed at the storefront when adding a note to the shopping list line item containing a vulnerable product. An attacker should be able to edit a product in the admin area and force a user to add this product to Shopping List and click add a note for it. Versions 5.0.11 and 5.1.1 contain a fix for this issue. | ||||
| CVE-2022-35910 | 1 Jellyfin | 1 Jellyfin | 2024-11-21 | 5.4 Medium |
| In Jellyfin before 10.8, stored XSS allows theft of an admin access token. | ||||
| CVE-2022-35866 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2024-11-21 | 9.8 Critical |
| This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139. | ||||