Export limit exceeded: 45786 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45786 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-37775 | 1 Genesys | 1 Pureconnect | 2024-11-21 | 6.1 Medium |
| Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26- September- 2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter. | ||||
| CVE-2022-37731 | 1 Ftcms | 1 Ftcms | 2024-11-21 | 6.1 Medium |
| ftcms 2.1 poster.PHP has a XSS vulnerability. The attacker inserts malicious JavaScript code into the web page, causing the user / administrator to trigger malicious code when accessing. | ||||
| CVE-2022-37724 | 1 Apple | 1 Webobjects | 2024-11-21 | 6.1 Medium |
| Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces. | ||||
| CVE-2022-37679 | 1 Miniblog.core Project | 1 Miniblog.core | 2024-11-21 | 4.8 Medium |
| Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field. | ||||
| CVE-2022-37431 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 6.1 Medium |
| A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. This occurs in the admin portal when the configuration has XSS_PROTECTION_ENABLED=false. NOTE: the vendor disputes this because the current product behavior, in effect, has XSS_PROTECTION_ENABLED=true in all configurations | ||||
| CVE-2022-37318 | 1 Rsa | 1 Archer | 2024-11-21 | 7 High |
| Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contain a reflected XSS vulnerability. A remote unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases. | ||||
| CVE-2022-37317 | 1 Rsa | 1 Archer | 2024-11-21 | 7.6 High |
| Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious code in the context of the web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases. | ||||
| CVE-2022-37254 | 1 Dolphinphp Project | 1 Dolphinphp | 2024-11-21 | 5.4 Medium |
| DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background - > System - > system function - > configuration management. | ||||
| CVE-2022-37253 | 1 Crime Reporting System Project | 1 Crime Reporting System | 2024-11-21 | 5.4 Medium |
| Persistent cross-site scripting (XSS) in Crime Reporting System 1.0 allows a remote attacker to introduce arbitary Javascript via manipulation of an unsanitized POST parameter | ||||
| CVE-2022-37251 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 5.4 Medium |
| Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts. | ||||
| CVE-2022-37248 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 5.4 Medium |
| Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php. | ||||
| CVE-2022-37247 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 5.4 Medium |
| Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) via /admin/settings/fields page. | ||||
| CVE-2022-37245 | 1 Altn | 1 Security Gateway For Email Servers | 2024-11-21 | 5.4 Medium |
| MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint. | ||||
| CVE-2022-37244 | 1 Altn | 1 Security Gateway For Email Servers | 2024-11-21 | 5.4 Medium |
| MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. after login leads to inject malicious tag leads to IFRAME injection. | ||||
| CVE-2022-37243 | 1 Altn | 1 Security Gateway For Email Servers | 2024-11-21 | 5.4 Medium |
| MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint. | ||||
| CVE-2022-37241 | 1 Altn | 1 Security Gateway For Email Servers | 2024-11-21 | 5.4 Medium |
| MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint. | ||||
| CVE-2022-37239 | 1 Altn | 1 Security Gateway For Email Servers | 2024-11-21 | 5.4 Medium |
| MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint. | ||||
| CVE-2022-37238 | 1 Altn | 1 Security Gateway For Email Servers | 2024-11-21 | 5.4 Medium |
| MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter. | ||||
| CVE-2022-37183 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 6.1 Medium |
| Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list. | ||||
| CVE-2022-37162 | 1 Claroline | 1 Claroline | 2024-11-21 | 5.4 Medium |
| Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event. | ||||