Export limit exceeded: 35128 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45785 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30839 | 1 Room Rent Portal Site Project | 1 Room Rent Portal Site | 2024-11-21 | 6.1 Medium |
| Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name. | ||||
| CVE-2022-30777 | 1 Parallels | 1 H-sphere | 2024-11-21 | 6.1 Medium |
| Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter. | ||||
| CVE-2022-30776 | 1 Atmail | 1 Atmail | 2024-11-21 | 6.1 Medium |
| atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter. | ||||
| CVE-2022-30770 | 1 Terminalfour | 1 Terminalfour | 2024-11-21 | 6.1 Medium |
| Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and r 8.2.x versions prior to version 8.2.18.5 or 8.2.18.2.1 are vulnerable to (XSS) vulnerability that could be exploited by an attacker to mislead an administrator and steal their credentials. | ||||
| CVE-2022-30627 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2024-11-21 | 5.7 Medium |
| This vulnerability affects all of the company's products that also include the FW versions: update_i90_cv2.021_b20210104, update_i50_v1.0.55_b20200509, update_x6_v2.1.2_b202001127, update_b5_v2.0.9_b20200706. This vulnerability makes it possible to extract from the FW the existing user passwords on their operating systems and passwords. | ||||
| CVE-2022-30622 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2024-11-21 | 5.3 Medium |
| Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sys_username_passwd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within the JS code sent to the customer within the Login.js file is a strong user (which is not documented) and also the password, which allow for super-user access. Username: chcadmin, Password: chcpassword. | ||||
| CVE-2022-30611 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2024-11-21 | 5.4 Medium |
| IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 227364. | ||||
| CVE-2022-30604 | 1 Cybozu | 1 Office | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors. | ||||
| CVE-2022-30596 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 5.4 Medium |
| A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. | ||||
| CVE-2022-30576 | 1 Tibco | 2 Data Science - Workbench, Statistica | 2024-11-21 | 8.7 High |
| The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Data Science - Workbench: versions 14.0.0 and below, TIBCO Statistica: versions 14.0.0 and below, TIBCO Statistica - Estore Edition: versions 14.0.0 and below, and TIBCO Statistica Trial: versions 14.0.0 and below. | ||||
| CVE-2022-30575 | 1 Tibco | 2 Data Science - Workbench, Statistica | 2024-11-21 | 7.3 High |
| The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO Data Science - Workbench: versions 14.0.0 and below, TIBCO Statistica: versions 14.0.0 and below, TIBCO Statistica - Estore Edition: versions 14.0.0 and below, and TIBCO Statistica Trial: versions 14.0.0 and below. | ||||
| CVE-2022-30571 | 1 Tibco | 1 Iway Service Manager | 2024-11-21 | 8.1 High |
| The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO iWay Service Manager: versions 8.0.6 and below. | ||||
| CVE-2022-30533 | 1 Webnus | 1 Modern Events Calendar Lite | 2024-11-21 | 5.4 Medium |
| Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script via unspecified vectors. | ||||
| CVE-2022-30517 | 1 Mogublog Project | 1 Mogublog | 2024-11-21 | 6.1 Medium |
| Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2022-30514 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2024-11-21 | 6.1 Medium |
| School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126. | ||||
| CVE-2022-30513 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2024-11-21 | 6.1 Medium |
| School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125 | ||||
| CVE-2022-30494 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2024-11-21 | 5.4 Medium |
| In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs. | ||||
| CVE-2022-30489 | 1 Wavlink | 2 Wn535g3, Wn535g3 Firmware | 2024-11-21 | 6.1 Medium |
| WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi. | ||||
| CVE-2022-30482 | 1 Ecommerce-project-with-php-and-mysqli-fruits-bazar Project | 1 Ecommerce-project-with-php-and-mysqli-fruits-bazar | 2024-11-21 | 4.8 Medium |
| Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \admin\add_cata.php via the ctg_name parameters. | ||||
| CVE-2022-30464 | 1 Chatbot App With Suggestion Project | 1 Chatbot App With Suggestion | 2024-11-21 | 5.4 Medium |
| ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response. | ||||