Export limit exceeded: 45824 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45824 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27330 | 1 E-commerce Website Project | 1 E-commerce Website | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field. | ||||
| CVE-2022-27308 | 1 Phprojekt Phpsimplygest Project | 1 Phprojekt Phpsimplygest | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title. | ||||
| CVE-2022-27280 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2024-11-21 | 5.4 Medium |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the web_exec parameter at /apply.cgi. | ||||
| CVE-2022-27258 | 1 Hubzilla | 1 Hubzilla | 2024-11-21 | 6.1 Medium |
| Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 and earlier allows remote attacker to include arbitrary web script or HTML via the rpath parameter. | ||||
| CVE-2022-27246 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default. | ||||
| CVE-2022-27244 | 1 Misp | 1 Misp | 2024-11-21 | 4.8 Medium |
| An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user. | ||||
| CVE-2022-27238 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 5.4 Medium |
| BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross-Site Scripting (XSS) in the private chat functionality. A threat actor could inject JavaScript payload in his/her username. The payload gets executed in the browser of the victim each time the attacker sends a private message to the victim or when notification about the attacker leaving room is displayed. | ||||
| CVE-2022-27237 | 1 Ni | 5 Flexlogger, G Web Development Software, Labview and 2 more | 2024-11-21 | 6.1 Medium |
| There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install G Web Development 2022 R1 or later, or install Static Test Software Suite version 1.2 or later. | ||||
| CVE-2022-27231 | 1 Veronalabs | 1 Wp Statistics | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product. | ||||
| CVE-2022-27230 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Guided Configuration | 2024-11-21 | 7.5 High |
| On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2022-27213 | 1 Jenkins | 1 Environment Dashboard | 2024-11-21 | 5.4 Medium |
| Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. | ||||
| CVE-2022-27212 | 1 Jenkins | 1 List Git Branches Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-27207 | 1 Jenkins | 1 Global-build-stats | 2024-11-21 | 4.8 Medium |
| Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | ||||
| CVE-2022-27202 | 1 Jenkins | 1 Extended Choice Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-27200 | 1 Jenkins | 1 Folder-based Authorization Strategy | 2024-11-21 | 4.8 Medium |
| Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | ||||
| CVE-2022-27197 | 1 Jenkins | 1 Dashboard View | 2024-11-21 | 5.4 Medium |
| Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views. | ||||
| CVE-2022-27196 | 1 Jenkins | 1 Favorite | 2024-11-21 | 5.4 Medium |
| Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions. | ||||
| CVE-2022-27183 | 1 Splunk | 1 Splunk | 2024-11-21 | 8.8 High |
| The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted. | ||||
| CVE-2022-27168 | 1 Litecart | 1 Litecart | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors. | ||||
| CVE-2022-27166 | 1 Apache | 1 Jspwiki | 2024-11-21 | 6.1 Medium |
| A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | ||||