Search Results (45791 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29577 | 2 Antisamy Project, Oracle | 3 Antisamy, Enterprise Manager Base Platform, Weblogic Server | 2024-11-21 | 6.1 Medium |
| OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367. | ||||
| CVE-2022-29548 | 1 Wso2 | 9 Api Manager, Api Manager Analytics, Api Microgateway and 6 more | 2024-11-21 | 4.6 Medium |
| A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0. | ||||
| CVE-2022-29540 | 1 Resi | 1 Gemini-net | 2024-11-21 | 6.1 Medium |
| resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints, | ||||
| CVE-2022-29533 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page." | ||||
| CVE-2022-29532 | 1 Misp | 1 Misp | 2024-11-21 | 4.8 Medium |
| An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it. | ||||
| CVE-2022-29531 | 1 Misp | 1 Misp | 2024-11-21 | 5.4 Medium |
| An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name. | ||||
| CVE-2022-29530 | 1 Misp | 1 Misp | 2024-11-21 | 5.4 Medium |
| An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters. | ||||
| CVE-2022-29529 | 1 Misp | 1 Misp | 2024-11-21 | 5.4 Medium |
| An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field. | ||||
| CVE-2022-29525 | 1 Rakuten | 1 Casa | 2024-11-21 | 9.8 Critical |
| Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation. | ||||
| CVE-2022-29513 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.8 Medium |
| Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script. | ||||
| CVE-2022-29487 | 1 Cybozu | 1 Office | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors. | ||||
| CVE-2022-29485 | 1 Ss-proj | 1 Shirasagi | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. | ||||
| CVE-2022-29380 | 1 Creativeitem | 1 Academy Lms | 2024-11-21 | 4.8 Medium |
| Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel. | ||||
| CVE-2022-29360 | 1 Rainloop | 1 Webmail | 2024-11-21 | 5.4 Medium |
| The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted email message. | ||||
| CVE-2022-29359 | 1 School Club Application System Project | 1 School Club Application System | 2024-11-21 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter. | ||||
| CVE-2022-29349 | 1 Keking | 1 Kkfileview | 2024-11-21 | 6.1 Medium |
| kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java. | ||||
| CVE-2022-29296 | 1 Avantune | 1 Genialcloud Proj | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the login portal of Avantune Genialcloud ProJ - 10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2022-29269 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.5 Medium |
| In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address. | ||||
| CVE-2022-29152 | 1 Ericom | 1 Powerterm Webconnect | 2024-11-21 | 6.1 Medium |
| The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page. | ||||
| CVE-2022-29096 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 6.1 Medium |
| Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | ||||