Export limit exceeded: 349705 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45857 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45857 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34618 | 1 Mealie Project | 1 Mealie | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field. | ||||
| CVE-2022-34611 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in /index.php/?p=report of Online Fire Reporting System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "Contac #" text field. | ||||
| CVE-2022-34594 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2024-11-21 | 4.8 Medium |
| Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component ip/school/moudel/update_subject.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Subject text field. | ||||
| CVE-2022-34580 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2024-11-21 | 4.8 Medium |
| Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the address parameter at ip/school/index.php. | ||||
| CVE-2022-34550 | 1 Student Information Management System Project | 1 Student Information Management System | 2024-11-21 | 5.4 Medium |
| Sims v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /addNotifyServlet. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notifyInfo parameter. | ||||
| CVE-2022-34537 | 1 Dw | 2 Megapix, Megapix Firmware | 2024-11-21 | 5.4 Medium |
| Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a cross-site scripting (XSS) vulnerability via the component bia_oneshot.cgi. | ||||
| CVE-2022-34425 | 1 Dell | 1 Enterprise Sonic Distribution | 2024-11-21 | 7.5 High |
| Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. | ||||
| CVE-2022-34358 | 1 Ibm | 1 I | 2024-11-21 | 5.4 Medium |
| IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230516. | ||||
| CVE-2022-34336 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 5.4 Medium |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229714. | ||||
| CVE-2022-34328 | 1 Sigb | 1 Pmb | 2024-11-21 | 6.1 Medium |
| PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php. | ||||
| CVE-2022-34306 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 5.4 Medium |
| IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229435. | ||||
| CVE-2022-34305 | 1 Apache | 1 Tomcat | 2024-11-21 | 6.1 Medium |
| In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability. | ||||
| CVE-2022-34198 | 1 Jenkins | 1 Stash Branch Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-34197 | 1 Jenkins | 1 Sauce Ondemand | 2024-11-21 | 5.4 Medium |
| Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-34196 | 1 Jenkins | 1 Rest List Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-34195 | 1 Jenkins | 1 Repository Connector | 2024-11-21 | 5.4 Medium |
| Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-34194 | 1 Jenkins | 1 Readonly Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-34193 | 1 Jenkins | 1 Package Version | 2024-11-21 | 5.4 Medium |
| Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-34192 | 1 Jenkins | 1 Ontrack | 2024-11-21 | 5.4 Medium |
| Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-34191 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2024-11-21 | 5.4 Medium |
| Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||