Export limit exceeded: 45330 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45330 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36801 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 6.1 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8. | ||||
| CVE-2022-36778 | 1 Synel | 1 Eharmony | 2024-11-21 | 6.5 Medium |
| insert HTML / js code inside input how to get to the vulnerable input : Workers > worker nickname > inject in this input the code. | ||||
| CVE-2022-36748 | 1 Picuploader Project | 1 Picuploader | 2024-11-21 | 6.1 Medium |
| PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /master/index.php. | ||||
| CVE-2022-36747 | 1 Cobub | 1 Razor | 2024-11-21 | 6.1 Medium |
| Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the function uploadchannel(). | ||||
| CVE-2022-36746 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.1 Medium |
| LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php. | ||||
| CVE-2022-36745 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.1 Medium |
| LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component print-customoid.php. | ||||
| CVE-2022-36672 | 1 Xxyopen | 1 Novel-plus | 2024-11-21 | 9.8 Critical |
| Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session. | ||||
| CVE-2022-36668 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | 5.4 Medium |
| Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. The vulnerabilities exist during creating or editing the parts under parameters. Using the XSS payload, the Stored XSS triggered and can be used for further attack vector. | ||||
| CVE-2022-36657 | 1 Library Management System Project | 1 Library Management System | 2024-11-21 | 4.8 Medium |
| Library Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /librarian/edit_book_details.php. | ||||
| CVE-2022-36639 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | ||||
| CVE-2022-36637 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | 5.4 Medium |
| Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php. | ||||
| CVE-2022-36616 | 1 Totolink | 2 A810r, A810r Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | ||||
| CVE-2022-36615 | 1 Totolink | 2 A3000ru, A3000ru Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | ||||
| CVE-2022-36614 | 1 Totolink | 2 A860r, A860r Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | ||||
| CVE-2022-36613 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | ||||
| CVE-2022-36612 | 1 Totolink | 2 A950rg, A950rg Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | ||||
| CVE-2022-36611 | 1 Totolink | 2 A800r, A800r Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | ||||
| CVE-2022-36610 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | ||||
| CVE-2022-36600 | 1 Blogengine | 1 Blogengine.net | 2024-11-21 | 4.8 Medium |
| BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field. | ||||
| CVE-2022-36583 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.1 Medium |
| DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters. | ||||