Export limit exceeded: 45785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45785 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-35714 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 5.4 Medium |
| IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231116. | ||||
| CVE-2022-35655 | 1 Pega | 1 Pega Platform | 2024-11-21 | 6.1 Medium |
| Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting. | ||||
| CVE-2022-35654 | 1 Pega | 1 Pega Platform | 2024-11-21 | 6.1 Medium |
| Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. | ||||
| CVE-2022-35653 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 6.1 Medium |
| A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users. | ||||
| CVE-2022-35651 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 6.1 Medium |
| A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. | ||||
| CVE-2022-35632 | 1 Rapid7 | 1 Velociraptor | 2024-11-21 | 4.8 Medium |
| The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-site scripting (XSS). This issue was resolved in Velociraptor 0.6.5-2. | ||||
| CVE-2022-35630 | 1 Rapid7 | 1 Velociraptor | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2. | ||||
| CVE-2022-35590 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter | ||||
| CVE-2022-35589 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter. | ||||
| CVE-2022-35587 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter | ||||
| CVE-2022-35585 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 4.8 Medium |
| A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter | ||||
| CVE-2022-35582 | 1 Pentasecurity | 1 Wapples | 2024-11-21 | 8.8 High |
| Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the documentation. Knowing the credentials, attackers can use this feature to gain uncontrolled access to the device and therefore are considered an undocumented possibility for remote control. | ||||
| CVE-2022-35569 | 1 Blogifier | 1 Blogifier | 2024-11-21 | 4.8 Medium |
| Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted file. | ||||
| CVE-2022-35554 | 1 Bpcbt | 1 Smartvista | 2024-11-21 | 6.1 Medium |
| Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side. | ||||
| CVE-2022-35540 | 1 Dotnetcore | 1 Agileconfig | 2024-11-21 | 9.8 Critical |
| Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access. | ||||
| CVE-2022-35509 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 5.4 Medium |
| An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information. | ||||
| CVE-2022-35493 | 1 Wrteam | 1 Eshop - Ecommerce \/ Store Website | 2024-11-21 | 6.1 Medium |
| A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the get_products?search parameter. | ||||
| CVE-2022-35491 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample. | ||||
| CVE-2022-35416 | 1 H3c | 1 Ssl Vpn | 2024-11-21 | 6.1 Medium |
| H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS. | ||||
| CVE-2022-35413 | 1 Pentasecurity | 1 Wapples | 2024-11-21 | 9.8 Critical |
| WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001. | ||||