Search Results (45329 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-35163 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2024-11-21 | 4.8 Medium |
| Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the U_NAME parameter at /category/controller.php?action=edit. | ||||
| CVE-2022-35162 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2024-11-21 | 4.8 Medium |
| Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the CATEGORY parameter at /category/controller.php?action=edit. | ||||
| CVE-2022-35151 | 1 Keking | 1 Kkfileview | 2024-11-21 | 6.1 Medium |
| kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. | ||||
| CVE-2022-35144 | 1 Raneto Project | 1 Raneto | 2024-11-21 | 4.8 Medium |
| Raneto v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2022-35133 | 1 Cherrytree Project | 1 Cherrytree | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node. | ||||
| CVE-2022-35131 | 1 Joplinapp | 1 Joplin | 2024-11-21 | 9.0 Critical |
| Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles. | ||||
| CVE-2022-35118 | 1 Pyrocms | 1 Pyrocms | 2024-11-21 | 6.1 Medium |
| PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. | ||||
| CVE-2022-35117 | 1 Oretnom23 | 1 Clinic's Patient Management System | 2024-11-21 | 4.8 Medium |
| Clinic's Patient Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via update_medicine_details.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Packing text box under the Update Medical Details module. | ||||
| CVE-2022-34993 | 1 Totolink | 2 A3600r, A3600r Firmware | 2024-11-21 | 9.8 Critical |
| Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard-coded password for root in /etc/shadow.sample. | ||||
| CVE-2022-34991 | 1 Techvill | 1 Paymoney | 2024-11-21 | 5.4 Medium |
| Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the first_name and last_name parameters. | ||||
| CVE-2022-34988 | 1 Inoutscripts | 1 Blockchain Altexchanger | 2024-11-21 | 5.4 Medium |
| Inout Blockchain AltExchanger v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/js. | ||||
| CVE-2022-34966 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | 7.5 High |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home. | ||||
| CVE-2022-34964 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | 4.8 Medium |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the SitePages module. | ||||
| CVE-2022-34963 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | 5.4 Medium |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module. | ||||
| CVE-2022-34962 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | 5.4 Medium |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module. | ||||
| CVE-2022-34961 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | 5.4 Medium |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module. | ||||
| CVE-2022-34911 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 6.1 Medium |
| An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). | ||||
| CVE-2022-34907 | 1 Filewave | 1 Filewave | 2024-11-21 | 9.8 Critical |
| An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to gain access to the system with the highest authority possible and gain full control over the FileWave platform. | ||||
| CVE-2022-34906 | 1 Filewave | 1 Filewave | 2024-11-21 | 7.5 High |
| A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave, and even send crafted requests. | ||||
| CVE-2022-34879 | 1 Vicidial | 1 Vicidial | 2024-11-21 | 6.5 Medium |
| Reflected cross-site scripting (XSS) vulnerabilities exist in the AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent and search_archived_data parameters. This issue affects VICIdial 2.14b0.5 versions prior to 3555. | ||||