Search Results (45296 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29039 | 1 Jenkins | 1 Gerrit Trigger | 2024-11-21 | 5.4 Medium |
| Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-29038 | 1 Jenkins | 1 Extended Choice Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-29037 | 1 Jenkins | 1 Cvs | 2024-11-21 | 5.4 Medium |
| Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-29036 | 2 Jenkins, Redhat | 2 Credentials, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-29034 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 6.1 Medium |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop-up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks. | ||||
| CVE-2022-29020 | 1 Forestblog Project | 1 Forestblog | 2024-11-21 | 6.1 Medium |
| ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar. | ||||
| CVE-2022-29005 | 1 Phpgurukul | 1 Online Birth Certificate System | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters. | ||||
| CVE-2022-29004 | 1 Phpgurukul | 1 E-diary Management System | 2024-11-21 | 6.1 Medium |
| Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php. | ||||
| CVE-2022-28985 | 1 Orangehrm | 1 Orangehrm | 2024-11-21 | 6.3 Medium |
| A stored cross-site scripting (XSS) vulnerability in the addNewPost component of OrangeHRM v4.10.1 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | ||||
| CVE-2022-28959 | 1 Spip | 1 Spip | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allow attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2022-28920 | 1 Moecraft | 1 Tieba-cloud-sign | 2024-11-21 | 4.8 Medium |
| Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting (XSS) vulnerability via the function strip_tags. | ||||
| CVE-2022-28919 | 2 Dokuwiki, Fedoraproject | 2 Dokuwiki, Fedora | 2024-11-21 | 6.1 Medium |
| HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename. | ||||
| CVE-2022-28867 | 1 Nokia | 1 Netact | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used. | ||||
| CVE-2022-28865 | 1 Nokia | 1 Netact | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used. | ||||
| CVE-2022-28820 | 1 Adobe | 1 Acs Aem Commons | 2024-11-21 | 6.1 Medium |
| ACS Commons version 5.1.x (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in /apps/acs-commons/content/page-compare.html endpoint via the a and b GET parameters. User input submitted via these parameters is not validated or sanitised. An attacker must provide a link to someone with access to AEM Author, and could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. The exploitation of this issue requires user interaction in order to be successful. | ||||
| CVE-2022-28818 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 6.1 Medium |
| ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
| CVE-2022-28803 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | 5.4 Medium |
| In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR). | ||||
| CVE-2022-28770 | 1 Sap | 1 Sapui5 Library | 2024-11-21 | 6.1 Medium |
| Due to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | ||||
| CVE-2022-28732 | 1 Apache | 1 Jspwiki | 2024-11-21 | 6.1 Medium |
| A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later. | ||||
| CVE-2022-28730 | 1 Apache | 1 Jspwiki | 2024-11-21 | 6.1 Medium |
| A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce plugin dangerously renders user-supplied URLs. Upon re-testing CVE-2021-40369, it appears that the patch was incomplete as it was still possible to insert malicious input via the Denounce plugin. Apache JSPWiki users should upgrade to 2.11.3 or later. | ||||