Search Results (45326 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34178 | 1 Jenkins | 1 Embeddable Build Status | 2024-11-21 | 6.1 Medium |
| Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting (XSS) vulnerability. | ||||
| CVE-2022-34176 | 2 Jenkins, Redhat | 2 Junit, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. | ||||
| CVE-2022-34173 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 5.4 Medium |
| In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | ||||
| CVE-2022-34172 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 5.4 Medium |
| In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2022-34171 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 5.4 Medium |
| In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping, resulting in a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2022-34170 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 5.4 Medium |
| In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | ||||
| CVE-2022-34167 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 5.4 Medium |
| IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229432. | ||||
| CVE-2022-34166 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 5.4 Medium |
| IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229430. | ||||
| CVE-2022-34163 | 1 Ibm | 1 Cics Tx | 2024-11-21 | 6.1 Medium |
| IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333. | ||||
| CVE-2022-34160 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 5.4 Medium |
| IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330. | ||||
| CVE-2022-34151 | 1 Omron | 113 Na5-12w, Na5-12w Firmware, Na5-15w and 110 more | 2024-11-21 | 8.1 High |
| Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller. | ||||
| CVE-2022-34140 | 1 Feehi | 1 Feehi Cms | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field. | ||||
| CVE-2022-34094 | 1 Softwarepublico | 1 I3geo | 2024-11-21 | 6.1 Medium |
| Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php. | ||||
| CVE-2022-34093 | 1 Softwarepublico | 1 I3geo | 2024-11-21 | 6.1 Medium |
| Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php. | ||||
| CVE-2022-34092 | 1 Softwarepublico | 1 I3geo | 2024-11-21 | 6.1 Medium |
| Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php. | ||||
| CVE-2022-34048 | 1 Wavlink | 2 Wn533a8, Wn533a8 Firmware | 2024-11-21 | 6.1 Medium |
| Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter. | ||||
| CVE-2022-34045 | 1 Wavlink | 2 Wl-wn530hg4, Wl-wn530hg4 Firmware | 2024-11-21 | 9.8 Critical |
| Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh. | ||||
| CVE-2022-34025 | 1 Vestacp | 1 Vesta Control Panel | 2024-11-21 | 6.1 Medium |
| Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the post function at /web/api/v1/upload/UploadHandler.php. | ||||
| CVE-2022-34009 | 2 Fossil-scm, Microsoft | 2 Fossil, Windows | 2024-11-21 | 5.5 Medium |
| Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. This occurs because the ticket data is stored in a temporary file, and the product does not properly handle the absence of this file after Windows Defender has flagged it as malware. | ||||
| CVE-2022-34007 | 1 Eqs | 1 Integrity Line | 2024-11-21 | 6.1 Medium |
| EQS Integrity Line Professional through 2022-07-01 allows a stored XSS via a crafted whistleblower entry. | ||||