Export limit exceeded: 45837 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45837 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-32286 | 1 Mendix | 1 Saml | 2024-11-21 | 6.1 Medium |
| A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). In certain configurations SAML module is vulnerable to Cross Site Scripting (XSS) attacks due to insufficient error message sanitation. This could allow an attacker to execute malicious code by tricking users into accessing a malicious link. | ||||
| CVE-2022-32274 | 1 Ttpsc | 1 The Scheduler | 2024-11-21 | 5.4 Medium |
| The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to stored XSS via the project name to the creation function. | ||||
| CVE-2022-32271 | 1 Realnetworks | 1 Realplayer | 2024-11-21 | 9.6 Critical |
| In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files. | ||||
| CVE-2022-32269 | 1 Realnetworks | 1 Realplayer | 2024-11-21 | 9.8 Critical |
| In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution. | ||||
| CVE-2022-32247 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 6.1 Medium |
| SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | ||||
| CVE-2022-32225 | 1 Veeam | 1 Management Pack | 2024-11-21 | 6.1 Medium |
| A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System Center server, allowing for the execution of arbitrary scripts. | ||||
| CVE-2022-32195 | 1 Edx | 1 Open Edx | 2024-11-21 | 6.1 Medium |
| Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL. | ||||
| CVE-2022-32173 | 1 Orchardcore | 1 Orchardcore | 2024-11-21 | 5.4 Medium |
| In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users. | ||||
| CVE-2022-32172 | 1 Zinclabs | 1 Zinc | 2024-11-21 | N/A |
| In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with a XSS payload in the name field, the Javascript payload will be executed and allow an attacker to access the user’s credentials. | ||||
| CVE-2022-32171 | 1 Zinclabs | 1 Zinc | 2024-11-21 | N/A |
| In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete user functionality. When an authenticated user deletes a user having a XSS payload in the user id field, the javascript payload will be executed and allow an attacker to access the user’s credentials. | ||||
| CVE-2022-32159 | 1 Infogami | 1 Infogami | 2024-11-21 | N/A |
| In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Stored XSS. | ||||
| CVE-2022-32145 | 1 Siemens | 1 Teamcenter Active Workspace | 2024-11-21 | 6.1 Medium |
| A vulnerability has been identified in Teamcenter Active Workspace V5.2 (All versions < V5.2.9), Teamcenter Active Workspace V6.0 (All versions < V6.0.3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious code by tricking users into accessing a malicious link. | ||||
| CVE-2022-32131 | 1 74cms | 1 74cmsse | 2024-11-21 | 6.1 Medium |
| 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /index/notice/show. | ||||
| CVE-2022-32130 | 1 74cms | 1 74cmsse | 2024-11-21 | 6.1 Medium |
| 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/down_resume/total/nature. | ||||
| CVE-2022-32129 | 1 74cms | 1 74cmsse | 2024-11-21 | 6.1 Medium |
| 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/account/safety/trade. | ||||
| CVE-2022-32128 | 1 74cms | 1 74cmsse | 2024-11-21 | 6.1 Medium |
| 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/service/increment/add/im. | ||||
| CVE-2022-32127 | 1 74cms | 1 74cmsse | 2024-11-21 | 6.1 Medium |
| 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/view_be_browsed/total. | ||||
| CVE-2022-32126 | 1 74cms | 1 74cmsse | 2024-11-21 | 6.1 Medium |
| 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company. | ||||
| CVE-2022-32125 | 1 74cms | 1 74cmsse | 2024-11-21 | 6.1 Medium |
| 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /job. | ||||
| CVE-2022-32124 | 1 74cms | 1 74cmsse | 2024-11-21 | 6.1 Medium |
| 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /index/jobfairol/show/. | ||||