Search Results (45760 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-27105 1 Digitus 1 Inmailx 2024-11-21 5.4 Medium
InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX Connection names are not sanitized in the Outlook tab, which allows a local user or network administrator to execute HTML/JavaScript in the Outlook of users.
CVE-2022-27103 1 Element-plus 1 Element-plus 2024-11-21 6.1 Medium
element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column.
CVE-2022-27063 1 Aerocms Project 1 Aerocms 2024-11-21 6.1 Medium
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.
CVE-2022-27062 1 Aerocms Project 1 Aerocms 2024-11-21 4.8 Medium
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field.
CVE-2022-26980 1 Teampass 1 Teampass 2024-11-21 6.1 Medium
Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO.
CVE-2022-26978 1 Barco 1 Control Room Management Suite 2024-11-21 6.1 Medium
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameter is not correctly sanitized, leading to reflected XSS.
CVE-2022-26977 1 Barco 1 Control Room Management Suite 2024-11-21 6.1 Medium
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism leads to stored XSS.
CVE-2022-26976 1 Barco 1 Control Room Management Suite 2024-11-21 5.4 Medium
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS.
CVE-2022-26974 1 Barco 1 Control Room Management Suite 2024-11-21 6.1 Medium
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS.
CVE-2022-26972 1 Barco 1 Control Room Management Suite 2024-11-21 6.1 Medium
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS.
CVE-2022-26951 1 Rsa 1 Archer 2024-11-21 6.5 Medium
Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application.
CVE-2022-26947 1 Rsa 1 Archer 2024-11-21 6.3 Medium
Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application.
CVE-2022-26874 2 Debian, Horde 2 Debian Linux, Horde Mime Viewer 2024-11-21 5.4 Medium
lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering.
CVE-2022-26866 1 Dell 1 Powerstoreos 2024-11-21 5.5 Medium
Dell PowerStore versions before v2.1.1.0 contain a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript code in a trusted application data store. When a victim user accesses the data store through their browser, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
CVE-2022-26673 1 Asus 2 Rt-ax88u, Rt-ax88u Firmware 2024-11-21 5.4 Medium
ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform Stored Cross-Site Scripting (XSS) attacks.
CVE-2022-26672 1 Asus 1 Webstorage 2024-11-21 7.3 High
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modify or delete this user account information.
CVE-2022-26671 1 Secom 2 Dr.id Access Control, Dr.id Attendance System 2024-11-21 7.3 High
Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system settings to cause partial disruption of service.
CVE-2022-26660 1 Robotronic 1 Runasspc 2024-11-21 7.5 High
RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted by RunAsSpc, an attacker can recover the credentials that were used.
CVE-2022-26624 1 Ecommerce Codeigniter Bootstrap Project 1 Ecommerce Codeigniter Bootstrap 2024-11-21 6.1 Medium
Bootstrap v3.1.11 and v3.3.7 were discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php.
CVE-2022-26616 1 Public Knowledge Project 1 Open Journal Systems 2024-11-21 6.1 Medium
PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to perform reflected cross-site scripting (XSS) attacks via crafted HTTP headers.