Export limit exceeded: 45334 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45334 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41132 | 1 Ezoic | 1 Ezoic | 2024-11-21 | 6.1 Medium |
| Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress. | ||||
| CVE-2022-40968 | 1 2kblater | 1 2kb Amazon Affiliates Store | 2024-11-21 | 4.8 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in 2kb Amazon Affiliates Store plugin <=2.1.5 on WordPress. | ||||
| CVE-2022-40963 | 1 Themeum | 1 Wp Page Builder | 2024-11-21 | 4.8 Medium |
| Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabilities in WP Page Builder plugin <= 1.2.6 on WordPress. | ||||
| CVE-2022-40778 | 1 Opswat | 1 Metadefender | 2024-11-21 | 5.4 Medium |
| A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response. | ||||
| CVE-2022-40744 | 1 Ibm | 1 Aspera Faspex | 2024-11-21 | 4.8 Medium |
| IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441. | ||||
| CVE-2022-40714 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | 6.1 Medium |
| An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/* endpoints. | ||||
| CVE-2022-40698 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | 5.4 Medium |
| Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. | ||||
| CVE-2022-40694 | 1 Storeapps | 1 News Announcement Scroll | 2024-11-21 | 4.8 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News Announcement Scroll plugin <= 8.8.8 on WordPress. | ||||
| CVE-2022-40680 | 1 Fortinet | 1 Fortios | 2024-11-21 | 3.8 Low |
| A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiOS 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9 and 7.0.0 - 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages. | ||||
| CVE-2022-40676 | 1 Fortinet | 1 Fortinac | 2024-11-21 | 7.1 High |
| A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests. | ||||
| CVE-2022-40631 | 1 Siemens | 60 Scalance X200-4p Irt, Scalance X200-4p Irt Firmware, Scalance X201-3p Irt and 57 more | 2024-11-21 | 6.1 Medium |
| A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202-2P IRT PRO (All versions < V5.5.0), SCALANCE X204-2 (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X204IRT (All versions < V5.5.0), SCALANCE X204IRT PRO (All versions < V5.5.0), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < V5.5.0), SCALANCE XF202-2P IRT (All versions < V5.5.0), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204-2 (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < V5.5.0), SCALANCE XF204IRT (All versions < V5.5.0), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.0). There is a cross-site scripting vulnerability on the affected devices, that if used by a threat actor, it could result in session hijacking. | ||||
| CVE-2022-40626 | 2 Fedoraproject, Zabbix | 2 Fedora, Zabbix | 2024-11-21 | 4.8 Medium |
| An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend. | ||||
| CVE-2022-40440 | 1 Jgraph | 1 Mxgraph | 2024-11-21 | 6.1 Medium |
| mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the setTooltips() function. | ||||
| CVE-2022-40365 | 1 Gocron Project | 1 Gocron | 2024-11-21 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5.3, allows attackers to execute arbitrary code via scope.row.hostname in web/vue/src/pages/taskLog/list.vue. | ||||
| CVE-2022-40325 | 1 Sysaid | 1 Help Desk | 2024-11-21 | 6.1 Medium |
| SysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, aka FR# 67262. | ||||
| CVE-2022-40324 | 1 Sysaid | 1 Help Desk | 2024-11-21 | 6.1 Medium |
| SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR# 67258. | ||||
| CVE-2022-40323 | 1 Sysaid | 1 Help Desk | 2024-11-21 | 6.1 Medium |
| SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241. | ||||
| CVE-2022-40322 | 1 Sysaid | 1 Help Desk | 2024-11-21 | 6.1 Medium |
| SysAid Help Desk before 22.1.65 allows XSS, aka FR# 66542 and 65579. | ||||
| CVE-2022-40317 | 1 Openkm | 1 Openkm | 2024-11-21 | 5.4 Medium |
| OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element. | ||||
| CVE-2022-40257 | 1 Cert | 1 Vince | 2024-11-21 | 5.4 Medium |
| An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field. | ||||