Export limit exceeded: 45335 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45335 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45365 | 1 Urosevic | 1 Stock Ticker | 2024-11-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Stock Ticker allows Reflected XSS.This issue affects Stock Ticker: from n/a through 3.23.2. | ||||
| CVE-2022-45363 | 1 Muffingroup | 1 Betheme | 2024-11-21 | 5.4 Medium |
| Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup Betheme theme <= 26.6.1 on WordPress. | ||||
| CVE-2022-45218 | 1 Oretnom23 | 1 Human Resource Management System | 2024-11-21 | 6.1 Medium |
| Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message. | ||||
| CVE-2022-45176 | 1 Liveboxcloud | 1 Vdesk | 2024-11-21 | 6.1 Medium |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting (XSS) can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application (through its vShare functionality section) doesn't properly check parameters, sent in HTTP requests as input, before saving them on the server. In addition, crafted JavaScript content can then be reflected back to the end user and executed by the web browser. | ||||
| CVE-2022-45137 | 1 Wago | 14 751-9301, 751-9301 Firmware, 752-8303\/8000-002 and 11 more | 2024-11-21 | 6.1 Medium |
| The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability. | ||||
| CVE-2022-45082 | 1 Oxilab | 1 Accordions | 2024-11-21 | 3.4 Low |
| Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and &accordions_or_faqs_license_key. | ||||
| CVE-2022-44741 | 1 Slidervilla | 1 Testimonial Slider | 2024-11-21 | 6.1 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress. | ||||
| CVE-2022-44736 | 1 Chameleon Project | 1 Chameleon | 2024-11-21 | 4.8 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chameleon plugin <= 1.4.3 on WordPress. | ||||
| CVE-2022-44629 | 1 Catalystconnect | 1 Catalyst Connect Zoho Crm Client Portal | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catalyst Connect Catalyst Connect Zoho CRM Client Portal plugin <= 2.0.0 versions. | ||||
| CVE-2022-44612 | 1 Intel | 1 Unison | 2024-11-21 | 5.5 Medium |
| Use of hard-coded credentials in some Intel(R) Unison(TM) software before version 10.12 may allow an authenticated user user to potentially enable information disclosure via local access. | ||||
| CVE-2022-44591 | 1 Anthologize Project | 1 Anthologize | 2024-11-21 | 4.8 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anthologize plugin <= 0.8.0 on WordPress. | ||||
| CVE-2022-44590 | 1 Simple Video Embedder Project | 1 Simple Video Embedder | 2024-11-21 | 5.4 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in James Lao's Simple Video Embedder plugin <= 2.2 on WordPress. | ||||
| CVE-2022-44390 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field. | ||||
| CVE-2022-43955 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8 High |
| An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7.0.0 through 7.0.3, 6.3.0 through 6.3.21, 6.4 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow an unauthenticated and remote attacker to perform a reflected cross site scripting attack (XSS) via injecting malicious payload in log entries used to build report. | ||||
| CVE-2022-43952 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | 3.3 Low |
| An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC version 7.1.1 and below, version 7.0.3 and below, version 6.2.5 and below may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests. | ||||
| CVE-2022-43909 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 4.6 Medium |
| IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 240905. | ||||
| CVE-2022-43711 | 1 Gxsoftware | 1 Xperiencentral | 2024-11-21 | 6.1 Medium |
| Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks (XSS) because the CSP header uses eval() in the script-src. | ||||
| CVE-2022-43688 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 4.8 Medium |
| Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in icons since the Microsoft application tile color is not sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | ||||
| CVE-2022-43578 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2024-11-21 | 4.6 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238683. | ||||
| CVE-2022-43463 | 1 Yikesinc | 1 Custom Product Tabs For Woocommerce | 2024-11-21 | 4.8 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Custom Product Tabs for WooCommerce plugin <= 1.7.9 on WordPress. | ||||