Export limit exceeded: 349498 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349498 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45824 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45824 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27156 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 5.4 Medium |
| Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection. | ||||
| CVE-2022-27125 | 1 Zbzcms | 1 Zbzcms | 2024-11-21 | 6.1 Medium |
| zbzcms v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the neirong parameter at /php/ajax.php. | ||||
| CVE-2022-27111 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 5.4 Medium |
| Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it. | ||||
| CVE-2022-27107 | 1 Orangehrm | 1 Orangehrm | 2024-11-21 | 5.4 Medium |
| OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" section under "OrangeBuzz" via the GET/POST "createVideo[linkAddress]" parameter | ||||
| CVE-2022-27105 | 1 Digitus | 1 Inmailx | 2024-11-21 | 5.4 Medium |
| InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX Connection names are not sanitzed in the Outlook tab, which allows a local user or network administrator to execute HTML / Javascript in the Outlook of users. | ||||
| CVE-2022-27103 | 1 Element-plus | 1 Element-plus | 2024-11-21 | 6.1 Medium |
| element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column. | ||||
| CVE-2022-27063 | 1 Aerocms Project | 1 Aerocms | 2024-11-21 | 6.1 Medium |
| AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field. | ||||
| CVE-2022-27062 | 1 Aerocms Project | 1 Aerocms | 2024-11-21 | 4.8 Medium |
| AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field. | ||||
| CVE-2022-26980 | 1 Teampass | 1 Teampass | 2024-11-21 | 6.1 Medium |
| Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO. | ||||
| CVE-2022-26978 | 1 Barco | 1 Control Room Management Suite | 2024-11-21 | 6.1 Medium |
| Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameters is not correctly sanitized, leading to reflected XSS. | ||||
| CVE-2022-26977 | 1 Barco | 1 Control Room Management Suite | 2024-11-21 | 6.1 Medium |
| Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism is leads to stored XSS. | ||||
| CVE-2022-26976 | 1 Barco | 1 Control Room Management Suite | 2024-11-21 | 5.4 Medium |
| Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism is leads to reflected XSS. | ||||
| CVE-2022-26974 | 1 Barco | 1 Control Room Management Suite | 2024-11-21 | 6.1 Medium |
| Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS. | ||||
| CVE-2022-26972 | 1 Barco | 1 Control Room Management Suite | 2024-11-21 | 6.1 Medium |
| Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS. | ||||
| CVE-2022-26951 | 1 Rsa | 1 Archer | 2024-11-21 | 6.5 Medium |
| Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application. | ||||
| CVE-2022-26947 | 1 Rsa | 1 Archer | 2024-11-21 | 6.3 Medium |
| Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application. | ||||
| CVE-2022-26874 | 2 Debian, Horde | 2 Debian Linux, Horde Mime Viewer | 2024-11-21 | 5.4 Medium |
| lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering. | ||||
| CVE-2022-26866 | 1 Dell | 1 Powerstoreos | 2024-11-21 | 5.5 Medium |
| Dell PowerStore Versions before v2.1.1.0. contains a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | ||||
| CVE-2022-26673 | 1 Asus | 2 Rt-ax88u, Rt-ax88u Firmware | 2024-11-21 | 5.4 Medium |
| ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform Stored Cross-Site Scripting (XSS) attacks. | ||||
| CVE-2022-26672 | 1 Asus | 1 Webstorage | 2024-11-21 | 7.3 High |
| ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modify or delete this user account information. | ||||