Export limit exceeded: 343831 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45322 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45322 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-33910 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 5.4 Medium |
| An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScript code to execute. | ||||
| CVE-2022-33157 | 1 Libconnect Project | 1 Libconnect | 2024-11-21 | 6.1 Medium |
| The libconnect extension before 7.0.8 and 8.x before 8.1.0 for TYPO3 allows XSS. | ||||
| CVE-2022-33156 | 1 Matomo | 1 Integration | 2024-11-21 | 6.1 Medium |
| The matomo_integration (aka Matomo Integration) extension before 1.3.2 for TYPO3 allows XSS. | ||||
| CVE-2022-33155 | 1 Ameos Tarteaucitron Project | 1 Ameos Tarteaucitron | 2024-11-21 | 5.4 Medium |
| The ameos_tarteaucitron (aka AMEOS - TarteAuCitron GDPR cookie banner and tracking management / French RGPD compatible) extension before 1.2.23 for TYPO3 allows XSS. | ||||
| CVE-2022-33154 | 1 Schema Project | 1 Schema | 2024-11-21 | 5.4 Medium |
| The schema (aka Embedding schema.org vocabulary) extension before 1.13.1 and 2.x before 2.5.1 for TYPO3 allows XSS. | ||||
| CVE-2022-33151 | 1 Cybozu | 1 Office | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors. | ||||
| CVE-2022-33122 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page. | ||||
| CVE-2022-33119 | 1 Nuuo | 2 Nvrsolo, Nvrsolo Firmware | 2024-11-21 | 6.1 Medium |
| NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php. | ||||
| CVE-2022-33113 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 5.4 Medium |
| Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module. | ||||
| CVE-2022-33098 | 1 Magnolia-cms | 1 Magnolia Cms | 2024-11-21 | 6.1 Medium |
| Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2022-33075 | 1 Phpgurukul | 1 Zoo Management System | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors. | ||||
| CVE-2022-33043 | 1 Urtracker | 1 Urtracker | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the batch add function of Urtracker Premium v4.0.1.1477 allows attackers to execute arbitrary web scripts or HTML via a crafted excel file. | ||||
| CVE-2022-33009 | 1 Lightcms Project | 1 Lightcms | 2024-11-21 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file. | ||||
| CVE-2022-33005 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. | ||||
| CVE-2022-32988 | 1 Asus | 2 Dsl-n14u-b1, Dsl-n14u-b1 Firmware | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every ".asp" page containing a list of stored strings. The following asp files are affected: (1) cgi-bin/APP_Installation.asp, (2) cgi-bin/Advanced_ACL_Content.asp, (3) cgi-bin/Advanced_ADSL_Content.asp, (4) cgi-bin/Advanced_ASUSDDNS_Content.asp, (5) cgi-bin/Advanced_AiDisk_ftp.asp, (6) cgi-bin/Advanced_AiDisk_samba.asp, (7) cgi-bin/Advanced_DSL_Content.asp, (8) cgi-bin/Advanced_Firewall_Content.asp, (9) cgi-bin/Advanced_FirmwareUpgrade_Content.asp, (10) cgi-bin/Advanced_GWStaticRoute_Content.asp, (11) cgi-bin/Advanced_IPTV_Content.asp, (12) cgi-bin/Advanced_IPv6_Content.asp, (13) cgi-bin/Advanced_KeywordFilter_Content.asp, (14) cgi-bin/Advanced_LAN_Content.asp, (15) cgi-bin/Advanced_Modem_Content.asp, (16) cgi-bin/Advanced_PortTrigger_Content.asp, (17) cgi-bin/Advanced_QOSUserPrio_Content.asp, (18) cgi-bin/Advanced_QOSUserRules_Content.asp, (19) cgi-bin/Advanced_SettingBackup_Content.asp, (20) cgi-bin/Advanced_System_Content.asp, (21) cgi-bin/Advanced_URLFilter_Content.asp, (22) cgi-bin/Advanced_VPN_PPTP.asp, (23) cgi-bin/Advanced_VirtualServer_Content.asp, (24) cgi-bin/Advanced_WANPort_Content.asp, (25) cgi-bin/Advanced_WAdvanced_Content.asp, (26) cgi-bin/Advanced_WMode_Content.asp, (27) cgi-bin/Advanced_WWPS_Content.asp, (28) cgi-bin/Advanced_Wireless_Content.asp, (29) cgi-bin/Bandwidth_Limiter.asp, (30) cgi-bin/Guest_network.asp, (31) cgi-bin/Main_AccessLog_Content.asp, (32) cgi-bin/Main_AdslStatus_Content.asp, (33) cgi-bin/Main_Spectrum_Content.asp, (34) cgi-bin/Main_WebHistory_Content.asp, (35) cgi-bin/ParentalControl.asp, (36) cgi-bin/QIS_wizard.asp, (37) cgi-bin/QoS_EZQoS.asp, (38) cgi-bin/aidisk.asp, (39) cgi-bin/aidisk/Aidisk-1.asp, (40) cgi-bin/aidisk/Aidisk-2.asp, (41) cgi-bin/aidisk/Aidisk-3.asp, (42) cgi-bin/aidisk/Aidisk-4.asp, (43) cgi-bin/blocking.asp, (44) cgi-bin/cloud_main.asp, (45) cgi-bin/cloud_router_sync.asp, (46) cgi-bin/cloud_settings.asp, (47) cgi-bin/cloud_sync.asp, (48) cgi-bin/device-map/DSL_dashboard.asp, (49) cgi-bin/device-map/clients.asp, (50) cgi-bin/device-map/disk.asp, (51) cgi-bin/device-map/internet.asp, (52) cgi-bin/error_page.asp, (53) cgi-bin/index.asp, (54) cgi-bin/index2.asp, (55) cgi-bin/qis/QIS_PTM_manual_setting.asp, (56) cgi-bin/qis/QIS_admin_pass.asp, (57) cgi-bin/qis/QIS_annex_setting.asp, (58) cgi-bin/qis/QIS_bridge_cfg_tmp.asp, (59) cgi-bin/qis/QIS_detect.asp, (60) cgi-bin/qis/QIS_finish.asp, (61) cgi-bin/qis/QIS_ipoa_cfg_tmp.asp, (62) cgi-bin/qis/QIS_manual_setting.asp, (63) cgi-bin/qis/QIS_mer_cfg.asp, (64) cgi-bin/qis/QIS_mer_cfg_tmp.asp, (65) cgi-bin/qis/QIS_ppp_cfg.asp, (66) cgi-bin/qis/QIS_ppp_cfg_tmp.asp, (67) cgi-bin/qis/QIS_wireless.asp, (68) cgi-bin/query_wan_status.asp, (69) cgi-bin/query_wan_status2.asp, and (70) cgi-bin/start_apply.asp. | ||||
| CVE-2022-32987 | 1 Simple Bakery Shop Management System Project | 1 Simple Bakery Shop Management System | 2024-11-21 | 4.8 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=manage_account of Simple Bakery Shop Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username or Full Name fields. | ||||
| CVE-2022-32985 | 1 Nexans | 26 Gigaswitch 641 Desk V5 Sfp-vi, Gigaswitch 641 Desk V5 Sfp-vi Firmware, Gigaswitch 642 Desk V5 Sfp-2vi and 23 more | 2024-11-21 | 9.8 Critical |
| libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201. | ||||
| CVE-2022-32965 | 1 Omicard Edm Project | 1 Omicard Edm | 2024-11-21 | 9.8 Critical |
| OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service. | ||||
| CVE-2022-32776 | 1 Wpadvancedads | 1 Advanced Ads - Ad Manager \& Adsense | 2024-11-21 | 4.8 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Advanced Ads GmbH Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 on WordPress. | ||||
| CVE-2022-32754 | 1 Ibm | 1 Security Verify Directory | 2024-11-21 | 4.8 Medium |
| IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228445. | ||||