Export limit exceeded: 349408 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45786 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45786 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3138 | 1 Diagrams | 1 Drawio | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0. | ||||
| CVE-2022-3137 | 1 Taskbuilder | 1 Taskbuilder | 2024-11-21 | 5.4 Medium |
| The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user (such as subscriber) creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file | ||||
| CVE-2022-3136 | 1 Wpsocialrocket | 1 Social Rocket | 2024-11-21 | 4.8 Medium |
| The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-3132 | 1 Goolytics Project | 1 Goolytics | 2024-11-21 | 4.8 Medium |
| The Goolytics WordPress plugin before 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-3128 | 1 Donation Thermometer Project | 1 Donation Thermometer | 2024-11-21 | 4.8 Medium |
| The Donation Thermometer WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-3127 | 1 Diagrams | 1 Drawio | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.2.8. | ||||
| CVE-2022-3123 | 2 Dokuwiki, Fedoraproject | 2 Dokuwiki, Fedora | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a. | ||||
| CVE-2022-3072 | 1 Rosariosis | 1 Rosariosis | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3. | ||||
| CVE-2022-3036 | 1 Gettext Override Translations Project | 1 Gettext Override Translations | 2024-11-21 | 4.8 Medium |
| The Gettext override translations WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-3035 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11. | ||||
| CVE-2022-3021 | 1 Diywebmastery | 1 Slickr Flickr | 2024-11-21 | 4.8 Medium |
| The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-3002 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | ||||
| CVE-2022-39988 | 1 Centreon | 1 Centreon | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the Service>Templates service_alias parameter. | ||||
| CVE-2022-39950 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 8 High |
| An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low privilege level attacker to perform an XSS attack via posting a crafted CKeditor "protected" comment as described in CVE-2020-9281. | ||||
| CVE-2022-39840 | 1 Cotonti | 1 Cotonti Siena | 2024-11-21 | 4.8 Medium |
| Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message (DM). | ||||
| CVE-2022-39839 | 1 Cotonti | 1 Cotonti Siena | 2024-11-21 | 4.8 Medium |
| Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a forum post. | ||||
| CVE-2022-39824 | 1 Appsmith | 1 Appsmith | 2024-11-21 | 8.9 High |
| Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak. | ||||
| CVE-2022-39810 | 1 Wso2 | 1 Enterprise Integrator | 2024-11-21 | 6.1 Medium |
| An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/ndatasource/validateconnection/ajaxprocessor.jsp via the driver parameter. Session hijacking or similar attacks would not be possible. | ||||
| CVE-2022-39809 | 1 Wso2 | 1 Enterprise Integrator | 2024-11-21 | 6.1 Medium |
| An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/mediation_secure_vault/properties/ajaxprocessor.jsp via the name parameter. Session hijacking or similar attacks would not be possible. | ||||
| CVE-2022-39800 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 6.1 Medium |
| SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | ||||