Export limit exceeded: 45786 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45786 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38295 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 6.1 Medium |
| Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function. | ||||
| CVE-2022-38291 | 1 Slims | 1 Senayan Library Management System | 2024-11-21 | 6.1 Medium |
| SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar. | ||||
| CVE-2022-38256 | 1 Tastyigniter | 1 Tastyigniter | 2024-11-21 | 5.4 Medium |
| TastyIgniter v3.5.0 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2022-38254 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.1 Medium |
| Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5. | ||||
| CVE-2022-38251 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 4.8 Medium |
| Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel. | ||||
| CVE-2022-38249 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.1 Medium |
| Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4. | ||||
| CVE-2022-38248 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.1 Medium |
| Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php. | ||||
| CVE-2022-38247 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 4.8 Medium |
| Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Settings page under the Admin panel. | ||||
| CVE-2022-38172 | 1 Servicenow | 1 Servicenow | 2024-11-21 | 6.1 Medium |
| ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard. | ||||
| CVE-2022-38116 | 1 Leyan | 1 Salary Management System | 2024-11-21 | 9.8 Critical |
| Le-yan Personnel and Salary Management System has hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service. | ||||
| CVE-2022-38089 | 1 Exceedone | 2 Exment, Laravel-admin | 2024-11-21 | 5.4 Medium |
| Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script. | ||||
| CVE-2022-38080 | 1 Exceedone | 2 Exment, Laravel-admin | 2024-11-21 | 5.4 Medium |
| Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script. | ||||
| CVE-2022-38075 | 1 Webartesanal | 1 Mantenimiento Web | 2024-11-21 | 6.1 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin <= 0.13 on WordPress. | ||||
| CVE-2022-37952 | 1 Ge | 1 Workstationst | 2024-11-21 | 4.7 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (<v07.09.15) could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater. | ||||
| CVE-2022-37896 | 2 Arubanetworks, Siemens | 4 Arubaos, Instant, Scalance W1750d and 1 more | 2024-11-21 | 6.1 Medium |
| A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. | ||||
| CVE-2022-37892 | 2 Arubanetworks, Siemens | 4 Arubaos, Instant, Scalance W1750d and 1 more | 2024-11-21 | 5.4 Medium |
| A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address this security vulnerability. | ||||
| CVE-2022-37857 | 1 Hauk Project | 1 Hauk | 2024-11-21 | 7.5 High |
| bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the android client device by default. | ||||
| CVE-2022-37841 | 1 Totolink | 2 A860r, A860r Firmware | 2024-11-21 | 7.5 High |
| In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow.sample. | ||||
| CVE-2022-37830 | 1 Webjet | 1 Webjet Cms | 2024-11-21 | 9.6 Critical |
| Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2022-37796 | 1 Oretnom23 | 1 Simple Online Book Store System | 2024-11-21 | 5.4 Medium |
| In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site Scripting(XSS). | ||||