Export limit exceeded: 45785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45785 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-31456 | 1 Truedesk | 1 Truedesk | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name parameter. | ||||
| CVE-2022-31455 | 1 Truedesk | 1 Truedesk | 2024-11-21 | 6.1 Medium |
| * A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box. | ||||
| CVE-2022-31454 | 1 Yiiframework | 1 Yii | 2024-11-21 | 6.1 Medium |
| Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books. NOTE: this is disputed by the vendor because the cve-2022-31454-8e8555c31fd3 page does not describe why /books has a relationship to Yii 2. | ||||
| CVE-2022-31403 | 1 Combodo | 1 Itop | 2024-11-21 | 6.1 Medium |
| ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php. | ||||
| CVE-2022-31402 | 1 Combodo | 1 Itop | 2024-11-21 | 6.1 Medium |
| ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php. | ||||
| CVE-2022-31400 | 1 Helpdeskz | 1 Helpdeskz | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in /staff/setup/email-addresses of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. | ||||
| CVE-2022-31398 | 1 Helpdeskz | 1 Helpdeskz | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in /staff/tools/custom-fields of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. | ||||
| CVE-2022-31373 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2024-11-21 | 6.1 Medium |
| SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php. | ||||
| CVE-2022-31322 | 1 Pentasecurity | 1 Wapples | 2024-11-21 | 7.8 High |
| Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables. | ||||
| CVE-2022-31303 | 1 Maccms | 1 Maccms | 2024-11-21 | 5.4 Medium |
| maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. | ||||
| CVE-2022-31302 | 1 Maccms | 1 Maccms | 2024-11-21 | 5.4 Medium |
| maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. | ||||
| CVE-2022-31301 | 1 Angtech | 1 Haraj | 2024-11-21 | 5.4 Medium |
| Haraj v3.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Post Ads component. | ||||
| CVE-2022-31300 | 1 Angtech | 1 Haraj | 2024-11-21 | 5.4 Medium |
| A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | ||||
| CVE-2022-31299 | 1 Angtech | 1 Haraj | 2024-11-21 | 6.1 Medium |
| Haraj v3.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the User Upgrade Form. | ||||
| CVE-2022-31298 | 1 Angtech | 1 Haraj | 2024-11-21 | 5.4 Medium |
| A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | ||||
| CVE-2022-31290 | 1 Withknown | 1 Known | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field. | ||||
| CVE-2022-31269 | 1 Nortekcontrol | 2 Emerge E3, Emerge E3 Firmware | 2024-11-21 | 8.2 High |
| Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.) | ||||
| CVE-2022-31210 | 1 Infiray | 2 Iray-a8z3, Iray-a8z3 Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts. | ||||
| CVE-2022-31201 | 1 Monitoringsoft | 1 Softguard Web | 2024-11-21 | 5.4 Medium |
| SoftGuard Web (SGW) before 5.1.5 allows HTML injection. | ||||
| CVE-2022-31200 | 1 Atmail | 1 Atmail | 2024-11-21 | 6.1 Medium |
| Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&FirstLoad=1&HelpFile=file.html Search Terms field. | ||||