Export limit exceeded: 45749 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45749 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-23733 | 1 Github | 1 Enterprise Server | 2024-11-21 | 5.4 Medium |
| A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2022-23724 | 1 Pingidentity | 1 Pingid Integration For Windows Login | 2024-11-21 | 6.4 Medium |
| Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials. | ||||
| CVE-2022-23713 | 1 Elastic | 1 Kibana | 2024-11-21 | 6.1 Medium |
| A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser. | ||||
| CVE-2022-23710 | 1 Elastic | 1 Kibana | 2024-11-21 | 6.1 Medium |
| A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser. | ||||
| CVE-2022-23707 | 1 Elastic | 1 Kibana | 2024-11-21 | 5.4 Medium |
| An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users | ||||
| CVE-2022-23706 | 1 Hp | 1 Oneview | 2024-11-21 | 6.1 Medium |
| A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. | ||||
| CVE-2022-23697 | 1 Hp | 1 Oneview | 2024-11-21 | 6.1 Medium |
| A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. | ||||
| CVE-2022-23675 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 4.8 Medium |
| A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2022-23674 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 5.4 Medium |
| A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2022-23659 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 6.1 Medium |
| A remote reflected cross site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2022-23441 | 1 Fortinet | 1 Fortiedr | 2024-11-21 | 9.1 Critical |
| A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors. | ||||
| CVE-2022-23440 | 1 Fortinet | 1 Fortiedr | 2024-11-21 | 7.8 High |
| A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment. | ||||
| CVE-2022-23438 | 1 Fortinet | 1 Fortios | 2024-11-21 | 4.7 Medium |
| An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page. | ||||
| CVE-2022-23402 | 1 Yokogawa | 5 Centum Vp, Centum Vp Entry, Centum Vp Entry Firmware and 2 more | 2024-11-21 | 9.8 Critical |
| The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00 | ||||
| CVE-2022-23397 | 1 Cedargate | 1 Ez-net Portal | 2024-11-21 | 6.1 Medium |
| The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. NOTE: the vendor disputes this because the ado.im reference has "no clear steps of reproduction." | ||||
| CVE-2022-23391 | 1 Pybbs Project | 1 Pybbs | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Search box. | ||||
| CVE-2022-23378 | 1 Tastyigniter | 1 Tastyigniter | 2024-11-21 | 5.4 Medium |
| A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The "items%5B0%5D%5Bpath%5D" parameter of a request made to /admin/allergens/edit/1 is vulnerable. | ||||
| CVE-2022-23376 | 1 Wikidocs | 1 Wikidocs | 2024-11-21 | 6.1 Medium |
| WikiDocs version 0.1.18 has multiple reflected XSS vulnerabilities on different pages. | ||||
| CVE-2022-23367 | 1 Fulusso Project | 1 Fulusso | 2024-11-21 | 6.1 Medium |
| Fulusso v1.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in /BindAccount/SuccessTips.js. This vulnerability allows attackers to inject malicious code into a victim user's device via open redirection. | ||||
| CVE-2022-23350 | 1 Bigantsoft | 1 Bigant Server | 2024-11-21 | 5.4 Medium |
| BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability. | ||||