Export limit exceeded: 343860 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 21295 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45327 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45327 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34795 | 1 Jenkins | 1 Deployment Dashboard | 2024-11-21 | 5.4 Medium |
| Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. | ||||
| CVE-2022-34791 | 1 Jenkins | 1 Validating Email Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-34790 | 1 Jenkins | 1 Extreme Feedback Panel | 2024-11-21 | 5.4 Medium |
| Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-34788 | 1 Jenkins | 1 Matrix Reloaded | 2024-11-21 | 5.4 Medium |
| Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | ||||
| CVE-2022-34787 | 1 Jenkins | 1 Project Inheritance | 2024-11-21 | 5.4 Medium |
| Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked. | ||||
| CVE-2022-34786 | 1 Jenkins | 1 Rich Text Publisher | 2024-11-21 | 5.4 Medium |
| Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. | ||||
| CVE-2022-34784 | 1 Jenkins | 1 Build-metrics | 2024-11-21 | 5.4 Medium |
| Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission. | ||||
| CVE-2022-34783 | 1 Jenkins | 1 Plot | 2024-11-21 | 5.4 Medium |
| Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-34778 | 1 Jenkins | 1 Testng Results | 2024-11-21 | 5.4 Medium |
| Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or control test results. | ||||
| CVE-2022-34777 | 1 Jenkins | 1 Gitlab | 2024-11-21 | 5.4 Medium |
| Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-34768 | 1 Supersmart | 1 Supersmart.me - Walk Through | 2024-11-21 | 6.5 Medium |
| insert HTML / js code inside input how to get to the vulnerable input : Workers > worker nickname > inject in this input the code. | ||||
| CVE-2022-34619 | 1 Mealie Project | 1 Mealie | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field. | ||||
| CVE-2022-34618 | 1 Mealie Project | 1 Mealie | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field. | ||||
| CVE-2022-34611 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in /index.php/?p=report of Online Fire Reporting System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "Contac #" text field. | ||||
| CVE-2022-34594 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2024-11-21 | 4.8 Medium |
| Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component ip/school/moudel/update_subject.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Subject text field. | ||||
| CVE-2022-34580 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2024-11-21 | 4.8 Medium |
| Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the address parameter at ip/school/index.php. | ||||
| CVE-2022-34550 | 1 Student Information Management System Project | 1 Student Information Management System | 2024-11-21 | 5.4 Medium |
| Sims v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /addNotifyServlet. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notifyInfo parameter. | ||||
| CVE-2022-34537 | 1 Dw | 2 Megapix, Megapix Firmware | 2024-11-21 | 5.4 Medium |
| Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a cross-site scripting (XSS) vulnerability via the component bia_oneshot.cgi. | ||||
| CVE-2022-34425 | 1 Dell | 1 Enterprise Sonic Distribution | 2024-11-21 | 7.5 High |
| Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. | ||||
| CVE-2022-34358 | 1 Ibm | 1 I | 2024-11-21 | 5.4 Medium |
| IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230516. | ||||