Search Results (45790 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27200 | 1 Jenkins | 1 Folder-based Authorization Strategy | 2024-11-21 | 4.8 Medium |
| Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | ||||
| CVE-2022-27197 | 1 Jenkins | 1 Dashboard View | 2024-11-21 | 5.4 Medium |
| Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views. | ||||
| CVE-2022-27196 | 1 Jenkins | 1 Favorite | 2024-11-21 | 5.4 Medium |
| Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions. | ||||
| CVE-2022-27183 | 1 Splunk | 1 Splunk | 2024-11-21 | 8.8 High |
| The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted. | ||||
| CVE-2022-27168 | 1 Litecart | 1 Litecart | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors. | ||||
| CVE-2022-27166 | 1 Apache | 1 Jspwiki | 2024-11-21 | 6.1 Medium |
| A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. | ||||
| CVE-2022-27156 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 5.4 Medium |
| Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection. | ||||
| CVE-2022-27125 | 1 Zbzcms | 1 Zbzcms | 2024-11-21 | 6.1 Medium |
| zbzcms v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the neirong parameter at /php/ajax.php. | ||||
| CVE-2022-27111 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 5.4 Medium |
| Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it. | ||||
| CVE-2022-27107 | 1 Orangehrm | 1 Orangehrm | 2024-11-21 | 5.4 Medium |
| OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" section under "OrangeBuzz" via the GET/POST "createVideo[linkAddress]" parameter. | ||||
| CVE-2022-27105 | 1 Digitus | 1 Inmailx | 2024-11-21 | 5.4 Medium |
| InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX Connection names are not sanitized in the Outlook tab, which allows a local user or network administrator to execute HTML / JavaScript in the Outlook of users. | ||||
| CVE-2022-27103 | 1 Element-plus | 1 Element-plus | 2024-11-21 | 6.1 Medium |
| element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column. | ||||
| CVE-2022-27063 | 1 Aerocms Project | 1 Aerocms | 2024-11-21 | 6.1 Medium |
| AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field. | ||||
| CVE-2022-27062 | 1 Aerocms Project | 1 Aerocms | 2024-11-21 | 4.8 Medium |
| AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field. | ||||
| CVE-2022-26980 | 1 Teampass | 1 Teampass | 2024-11-21 | 6.1 Medium |
| Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO. | ||||
| CVE-2022-26978 | 1 Barco | 1 Control Room Management Suite | 2024-11-21 | 6.1 Medium |
| Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameter is not correctly sanitized, leading to reflected XSS. | ||||
| CVE-2022-26977 | 1 Barco | 1 Control Room Management Suite | 2024-11-21 | 6.1 Medium |
| Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism leads to stored XSS. | ||||
| CVE-2022-26976 | 1 Barco | 1 Control Room Management Suite | 2024-11-21 | 5.4 Medium |
| Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS. | ||||
| CVE-2022-26974 | 1 Barco | 1 Control Room Management Suite | 2024-11-21 | 6.1 Medium |
| Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS. | ||||
| CVE-2022-26972 | 1 Barco | 1 Control Room Management Suite | 2024-11-21 | 6.1 Medium |
| Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS. | ||||