Export limit exceeded: 349373 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45785 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34787 | 1 Jenkins | 1 Project Inheritance | 2024-11-21 | 5.4 Medium |
| Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked. | ||||
| CVE-2022-34786 | 1 Jenkins | 1 Rich Text Publisher | 2024-11-21 | 5.4 Medium |
| Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. | ||||
| CVE-2022-34784 | 1 Jenkins | 1 Build-metrics | 2024-11-21 | 5.4 Medium |
| Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission. | ||||
| CVE-2022-34783 | 1 Jenkins | 1 Plot | 2024-11-21 | 5.4 Medium |
| Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-34778 | 1 Jenkins | 1 Testng Results | 2024-11-21 | 5.4 Medium |
| Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or control test results. | ||||
| CVE-2022-34777 | 1 Jenkins | 1 Gitlab | 2024-11-21 | 5.4 Medium |
| Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-34768 | 1 Supersmart | 1 Supersmart.me - Walk Through | 2024-11-21 | 6.5 Medium |
| insert HTML / js code inside input how to get to the vulnerable input : Workers > worker nickname > inject in this input the code. | ||||
| CVE-2022-34619 | 1 Mealie Project | 1 Mealie | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field. | ||||
| CVE-2022-34618 | 1 Mealie Project | 1 Mealie | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field. | ||||
| CVE-2022-34611 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in /index.php/?p=report of Online Fire Reporting System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "Contac #" text field. | ||||
| CVE-2022-34594 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2024-11-21 | 4.8 Medium |
| Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component ip/school/moudel/update_subject.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Subject text field. | ||||
| CVE-2022-34580 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2024-11-21 | 4.8 Medium |
| Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the address parameter at ip/school/index.php. | ||||
| CVE-2022-34550 | 1 Student Information Management System Project | 1 Student Information Management System | 2024-11-21 | 5.4 Medium |
| Sims v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /addNotifyServlet. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notifyInfo parameter. | ||||
| CVE-2022-34537 | 1 Dw | 2 Megapix, Megapix Firmware | 2024-11-21 | 5.4 Medium |
| Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a cross-site scripting (XSS) vulnerability via the component bia_oneshot.cgi. | ||||
| CVE-2022-34425 | 1 Dell | 1 Enterprise Sonic Distribution | 2024-11-21 | 7.5 High |
| Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. | ||||
| CVE-2022-34358 | 1 Ibm | 1 I | 2024-11-21 | 5.4 Medium |
| IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230516. | ||||
| CVE-2022-34336 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 5.4 Medium |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229714. | ||||
| CVE-2022-34328 | 1 Sigb | 1 Pmb | 2024-11-21 | 6.1 Medium |
| PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php. | ||||
| CVE-2022-34306 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 5.4 Medium |
| IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229435. | ||||
| CVE-2022-34305 | 1 Apache | 1 Tomcat | 2024-11-21 | 6.1 Medium |
| In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability. | ||||