Search Results (45785 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-37160 | 1 Claroline | 1 Claroline | 2024-11-21 | 5.4 Medium |
| Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with administrative rights by opening an SVG file as an administrator user. | ||||
| CVE-2022-37153 | 1 Articatech | 1 Artica Proxy | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Artica Proxy 4.30.000000. There is an XSS vulnerability via the password parameter in /fw.login.php. | ||||
| CVE-2022-37150 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulnerability via the firstname, address, middlename, lastname, gender, email, and contact parameters. | ||||
| CVE-2022-37059 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 4.8 Medium |
| Cross-Site Scripting (XSS) in the Admin Panel of Subrion CMS 4.2.1 allows an attacker to inject arbitrary code via the Login field. | ||||
| CVE-2022-37044 | 1 Zimbra | 1 Collaboration | 2024-11-21 | 6.1 Medium |
| In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine. | ||||
| CVE-2022-36967 | 1 Progress | 1 Ipswitch Ws Ftp Server | 2024-11-21 | 6.1 Medium |
| In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator's web session. This would allow the attacker to execute code within the context of the victim's browser. | ||||
| CVE-2022-36952 | 1 Veritas | 1 Netbackup | 2024-11-21 | 8.4 High |
| In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | ||||
| CVE-2022-36948 | 1 Veritas | 1 Netbackup | 2024-11-21 | 5.4 Medium |
| In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | ||||
| CVE-2022-36922 | 1 Jenkins | 1 Lucene-search | 2024-11-21 | 6.1 Medium |
| Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS) vulnerability. | ||||
| CVE-2022-36905 | 1 Jenkins | 1 Maven Metadata | 2024-11-21 | 5.4 Medium |
| Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-36902 | 1 Jenkins | 1 Dynamic Extended Choice Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-36880 | 1 Webmin | 2 Usermin, Webmin | 2024-11-21 | 6.1 Medium |
| The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message. | ||||
| CVE-2022-36859 | 1 Samsung | 1 Smarttagplugin | 2024-11-21 | 5.7 Medium |
| Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger an XSS on a victim's devices. | ||||
| CVE-2022-36801 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 6.1 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8. | ||||
| CVE-2022-36778 | 1 Synel | 1 Eharmony | 2024-11-21 | 6.5 Medium |
| Insert HTML/JS code inside an input. How to get to the vulnerable input: Workers > worker nickname > inject the code in this input. | ||||
| CVE-2022-36748 | 1 Picuploader Project | 1 Picuploader | 2024-11-21 | 6.1 Medium |
| PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /master/index.php. | ||||
| CVE-2022-36747 | 1 Cobub | 1 Razor | 2024-11-21 | 6.1 Medium |
| Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the function uploadchannel(). | ||||
| CVE-2022-36746 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.1 Medium |
| LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php. | ||||
| CVE-2022-36745 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.1 Medium |
| LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component print-customoid.php. | ||||
| CVE-2022-36672 | 1 Xxyopen | 1 Novel-plus | 2024-11-21 | 9.8 Critical |
| Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session. | ||||