Export limit exceeded: 45786 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45786 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24582 | 1 Accounting Journal Management Project | 1 Accounting Journal Management | 2024-11-21 | 5.4 Medium |
| Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking. The parameter manage_user from User lists is vulnerable to XSS-Stored and PHPSESSID attacks. The malicious user can attack the system by using the already session which he has from inside and outside of the network. | ||||
| CVE-2022-24573 | 1 Element-it | 1 Http Commander | 2024-11-21 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field. | ||||
| CVE-2022-24572 | 1 Car Driving School Management System Project | 1 Car Driving School Management System | 2024-11-21 | 6.1 Medium |
| Car Driving School Management System v1.0 is affected by Cross Site Scripting (XSS) in the User Enrollment Form (Username Field). To exploit this Vulnerability, an admin views the registered user details. | ||||
| CVE-2022-24566 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 5.4 Medium |
| In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS). | ||||
| CVE-2022-24565 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 5.4 Medium |
| Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications. | ||||
| CVE-2022-24564 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 6.1 Medium |
| Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user. | ||||
| CVE-2022-24563 | 1 Metalgenix | 1 Genixcms | 2024-11-21 | 5.4 Medium |
| In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the intro_title and intro_image parameters. | ||||
| CVE-2022-24435 | 1 Phpuploader Project | 1 Phpuploader | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in phpUploader v1.2 and earlier allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. | ||||
| CVE-2022-24399 | 1 Sap | 1 Focused Run | 2024-11-21 | 6.1 Medium |
| The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2022-24397 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 6.1 Medium |
| SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser. | ||||
| CVE-2022-24395 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 6.1 Medium |
| SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2022-24374 | 1 Appleple | 1 A-blog Cms | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-23916. | ||||
| CVE-2022-24347 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.4 Medium |
| JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. | ||||
| CVE-2022-24344 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.4 Medium |
| JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. | ||||
| CVE-2022-24339 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.4 Medium |
| JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. | ||||
| CVE-2022-24338 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 6.1 Medium |
| JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS. | ||||
| CVE-2022-24255 | 1 Extensis | 1 Portfolio | 2024-11-21 | 8.8 High |
| Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges. | ||||
| CVE-2022-24238 | 1 Aceware | 1 Aceweb Online Portal | 2024-11-21 | 6.1 Medium |
| ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp. | ||||
| CVE-2022-24229 | 1 Onlyoffice | 1 Document Server | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor. | ||||
| CVE-2022-24181 | 1 Public Knowledge Project | 1 Open Journal Systems | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitary code via the X-Forwarded-Host Header. | ||||