Export limit exceeded: 45824 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45824 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-26263 | 1 Yonyou | 1 U8\+ | 2024-11-21 | 6.1 Medium |
| Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp. | ||||
| CVE-2022-26255 | 1 Clash Project | 1 Clash | 2024-11-21 | 9.8 Critical |
| Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column. | ||||
| CVE-2022-26246 | 1 Tms Project | 1 Tms | 2024-11-21 | 6.1 Medium |
| TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /TMS/admin/setting/mail/createorupdate. | ||||
| CVE-2022-26244 | 1 Hospital\'s Patient Records Management System Project | 1 Hospital\'s Patient Records Management System | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "special" field. | ||||
| CVE-2022-26197 | 1 Joget | 1 Joget Dx | 2024-11-21 | 5.4 Medium |
| Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table. | ||||
| CVE-2022-26155 | 1 Cherwell | 1 Cherwell Service Management | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body. | ||||
| CVE-2022-26146 | 1 Tricentis | 1 Qtest | 2024-11-21 | 5.4 Medium |
| Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker. | ||||
| CVE-2022-26144 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 6.1 Medium |
| An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is installed. | ||||
| CVE-2022-26119 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | 7.8 High |
| A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password. | ||||
| CVE-2022-26114 | 1 Fortinet | 1 Fortimail | 2024-11-21 | 5.4 Medium |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in the Webmail of FortiMail before 7.2.0 may allow an unauthenticated attacker to trigger a cross-site scripting (XSS) attack via sending specially crafted mail messages. | ||||
| CVE-2022-26105 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 6.1 Medium |
| SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | ||||
| CVE-2022-26101 | 1 Sap | 1 Fiori Launchpad | 2024-11-21 | 6.1 Medium |
| Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2022-25875 | 1 Svelte | 1 Svelte | 2024-11-21 | 5.4 Medium |
| The package svelte before 3.49.0 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is possible via objects with a custom toString() function. | ||||
| CVE-2022-25873 | 1 Vuetifyjs | 1 Vuetify | 2024-11-21 | 4.6 Medium |
| The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component. | ||||
| CVE-2022-25854 | 1 Tagify Project | 1 Tagify | 2024-11-21 | 5.4 Medium |
| This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload. | ||||
| CVE-2022-25807 | 1 Igel | 1 Universal Management Suite | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key. | ||||
| CVE-2022-25806 | 1 Igel | 1 Universal Management Suite | 2024-11-21 | 8.8 High |
| An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key. | ||||
| CVE-2022-25802 | 1 Bestpractical | 1 Request Tracker | 2024-11-21 | 6.1 Medium |
| Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment. | ||||
| CVE-2022-25784 | 1 Secomea | 18 Sitemanager 1129, Sitemanager 1129 Firmware, Sitemanager 1139 and 15 more | 2024-11-21 | 9.1 Critical |
| Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7. | ||||
| CVE-2022-25781 | 1 Secomea | 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more | 2024-11-21 | 4.2 Medium |
| Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session. | ||||