Search Results (45786 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24981 | 1 Jqueryform | 1 Jqueryform | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in forms generated by JQueryForm.com before 2022-02-05 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to admin.php. | ||||
| CVE-2022-24957 | 1 Dhc-vision | 1 Eqms | 2024-11-21 | 5.4 Medium |
| DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will be attacked. | ||||
| CVE-2022-24948 | 1 Apache | 1 Jspwiki | 2024-11-21 | 6.1 Medium |
| A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.2 or later. | ||||
| CVE-2022-24926 | 1 Samsung | 1 Smarttagplugin | 2024-11-21 | 5.7 Medium |
| Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.15-6 allows privileged attackers to trigger a XSS on a victim's devices. | ||||
| CVE-2022-24693 | 1 Baicells | 4 Neutrino 430, Neutrino 430 Firmware, Nova436q and 1 more | 2024-11-21 | 9.8 Critical |
| Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.) | ||||
| CVE-2022-24692 | 1 Dsk | 1 Dsknet | 2024-11-21 | 5.4 Medium |
| An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The new menu option within the general Parameters page is vulnerable to stored XSS. The attacker can create a menu option, make it visible to every application user, and conduct session hijacking, account takeover, or malicious code delivery, with the final goal of achieving client-side code execution. | ||||
| CVE-2022-24681 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 6.1 Medium |
| Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. | ||||
| CVE-2022-24657 | 1 Goldshell | 1 Goldshell Miner Firmware | 2024-11-21 | 9.8 Critical |
| Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol (port 22). | ||||
| CVE-2022-24656 | 1 Hexoeditor Project | 1 Hexoeditor | 2024-11-21 | 6.1 Medium |
| HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). By putting a common XSS payload in a markdown file, if opened with the app, will execute several times. | ||||
| CVE-2022-24654 | 1 Intelbras | 2 Ata 200, Ata 200 Firmware | 2024-11-21 | 5.4 Medium |
| Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload. | ||||
| CVE-2022-24643 | 1 Open-emr | 1 Openemr | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0. | ||||
| CVE-2022-24620 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 5.4 Medium |
| Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, admin can steal webmaster's cookies to get the webmaster's access. | ||||
| CVE-2022-24612 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-11-21 | 5.4 Medium |
| An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS. | ||||
| CVE-2022-24608 | 1 Luocms Project | 1 Luocms | 2024-11-21 | 6.1 Medium |
| Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php. | ||||
| CVE-2022-24590 | 1 Backdropcms | 1 Backdrop | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2022-24589 | 1 Burden Project | 1 Burden | 2024-11-21 | 6.1 Medium |
| Burden v3.0 was discovered to contain a stored cross-site scripting (XSS) in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the task parameter. | ||||
| CVE-2022-24588 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 5.4 Medium |
| Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. | ||||
| CVE-2022-24587 | 1 Pluxml | 1 Pluxml | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2022-24586 | 1 Pluxml | 1 Pluxml | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters. | ||||
| CVE-2022-24585 | 1 Pluxml | 1 Pluxml | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter. | ||||