Search Results (45330 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-37243 | 1 Altn | 1 Security Gateway For Email Servers | 2024-11-21 | 5.4 Medium |
| MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint. | ||||
| CVE-2022-37241 | 1 Altn | 1 Security Gateway For Email Servers | 2024-11-21 | 5.4 Medium |
| MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint. | ||||
| CVE-2022-37239 | 1 Altn | 1 Security Gateway For Email Servers | 2024-11-21 | 5.4 Medium |
| MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint. | ||||
| CVE-2022-37238 | 1 Altn | 1 Security Gateway For Email Servers | 2024-11-21 | 5.4 Medium |
| MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter. | ||||
| CVE-2022-37183 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 6.1 Medium |
| Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list. | ||||
| CVE-2022-37162 | 1 Claroline | 1 Claroline | 2024-11-21 | 5.4 Medium |
| Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event. | ||||
| CVE-2022-37161 | 1 Claroline | 1 Claroline | 2024-11-21 | 6.1 Medium |
| Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload. | ||||
| CVE-2022-37160 | 1 Claroline | 1 Claroline | 2024-11-21 | 5.4 Medium |
| Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with administrative rights by opening an SVG file as an administrator user. | ||||
| CVE-2022-37153 | 1 Articatech | 1 Artica Proxy | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php. | ||||
| CVE-2022-37150 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulnerability via firstname, address, middlename, lastname, gender, email, contact parameters. | ||||
| CVE-2022-37059 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field | ||||
| CVE-2022-37044 | 1 Zimbra | 1 Collaboration | 2024-11-21 | 6.1 Medium |
| In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine. | ||||
| CVE-2022-36967 | 1 Progress | 1 Ipswitch Ws Ftp Server | 2024-11-21 | 6.1 Medium |
| In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator's web session. This would allow the attacker to execute code within the context of the victim's browser. | ||||
| CVE-2022-36952 | 1 Veritas | 1 Netbackup | 2024-11-21 | 8.4 High |
| In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | ||||
| CVE-2022-36948 | 1 Veritas | 1 Netbackup | 2024-11-21 | 5.4 Medium |
| In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | ||||
| CVE-2022-36922 | 1 Jenkins | 1 Lucene-search | 2024-11-21 | 6.1 Medium |
| Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS) vulnerability. | ||||
| CVE-2022-36905 | 1 Jenkins | 1 Maven Metadata | 2024-11-21 | 5.4 Medium |
| Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-36902 | 1 Jenkins | 1 Dynamic Extended Choice Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-36880 | 1 Webmin | 2 Usermin, Webmin | 2024-11-21 | 6.1 Medium |
| The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message. | ||||
| CVE-2022-36859 | 1 Samsung | 1 Smarttagplugin | 2024-11-21 | 5.7 Medium |
| Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victim's devices. | ||||