Search Results (45791 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-28599 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator, it will trigger an XSS attack. | ||||
| CVE-2022-28598 | 1 Frappe | 1 Erpnext | 2024-11-21 | 6.1 Medium |
| Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. | ||||
| CVE-2022-28589 | 1 Pixelimity | 1 Pixelimity | 2024-11-21 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=add_new | ||||
| CVE-2022-28588 | 1 Springbootmovie Project | 1 Springbootmovie | 2024-11-21 | 5.4 Medium |
| In SpringBootMovie <=1.2 when adding movie names, malicious code can be stored because there are no filtering parameters, resulting in stored XSS. | ||||
| CVE-2022-28586 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 6.1 Medium |
| XSS in the edit page of Hoosk 1.8.0 allows an attacker to execute JavaScript code in the user's browser via the edit page, using an XSS payload that bypasses the filter for some special characters. | ||||
| CVE-2022-28545 | 1 Fudforum | 1 Fudforum | 2024-11-21 | 5.4 Medium |
| FUDforum 3.1.1 is vulnerable to Stored XSS. | ||||
| CVE-2022-28522 | 1 Zcms Project | 1 Zcms | 2024-11-21 | 5.4 Medium |
| ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add. | ||||
| CVE-2022-28508 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 6.1 Medium |
| An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. | ||||
| CVE-2022-28507 | 1 Bdt-121 Project | 2 Bdt-121, Bdt-121 Firmware | 2024-11-21 | 4.8 Medium |
| Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 is vulnerable to Cross Site Scripting (XSS) via Dragon path router admin page. | ||||
| CVE-2022-28479 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 4.8 Medium |
| SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menu | ||||
| CVE-2022-28477 | 1 Wbce | 1 Wbce Cms | 2024-11-21 | 6.1 Medium |
| WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2022-28464 | 1 Apifox | 1 Apifox | 2024-11-21 | 9.0 Critical |
| Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execution. | ||||
| CVE-2022-28454 | 1 Limbas | 1 Limbas | 2024-11-21 | 6.1 Medium |
| Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2022-28450 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 5.4 Medium |
| nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser. | ||||
| CVE-2022-28449 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 6.1 Medium |
| nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). In the "Apply for vendor account" feature, an attacker can upload an arbitrary file to the system. | ||||
| CVE-2022-28448 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 5.4 Medium |
| nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject javascript code to First name or Last name at Customer Info. | ||||
| CVE-2022-28379 | 1 Nginxproxymanager | 1 Nginx Proxy Manager | 2024-11-21 | 6.8 Medium |
| jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion. | ||||
| CVE-2022-28378 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 6.1 Medium |
| Craft CMS before 3.7.29 allows XSS. | ||||
| CVE-2022-28371 | 1 Verizon | 4 Lvskihp Indoorunit, Lvskihp Indoorunit Firmware, Lvskihp Outdoorunit and 1 more | 2024-11-21 | 7.5 High |
| On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. This certificate is embedded in the firmware, and is identical across the fleet of devices. An attacker need only download this firmware and extract the private components of these certificates (from /etc/lighttpd.d/ca.pem and /etc/lighttpd.d/server.pem) to gain access. (The firmware download location is shown in a device's upgrade logs.) | ||||
| CVE-2022-28368 | 1 Dompdf Project | 1 Dompdf | 2024-11-21 | 9.8 Critical |
| Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file). | ||||