Search Results (45741 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-23108 | 1 Jenkins | 1 Badge | 2024-11-21 | 5.4 Medium |
| Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-23101 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message. | ||||
| CVE-2022-23099 | 1 Open-xchange | 1 App Suite | 2024-11-21 | 5.4 Medium |
| OX App Suite through 7.10.6 allows XSS by forcing block-wise read. | ||||
| CVE-2022-23083 | 1 Broadcom | 2 Netmaster File Transfer Management, Netmaster Network Management For Tcp/ip | 2024-11-21 | 6.1 Medium |
| NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine. | ||||
| CVE-2022-23081 | 1 Openlibrary | 1 Openlibrary | 2024-11-21 | N/A |
| openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Reflected XSS. | ||||
| CVE-2022-23077 | 1 Habitica | 1 Habitica | 2024-11-21 | 6.1 Medium |
| habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM XSS via the login page. | ||||
| CVE-2022-23074 | 1 Tandoor | 1 Recipes | 2024-11-21 | N/A |
| In Recipes, versions 0.17.0 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in the ‘Name’ field of Keyword, Food and Unit components. When a victim accesses the Keyword/Food/Unit endpoints, the XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover. | ||||
| CVE-2022-23073 | 1 Tandoor | 1 Recipes | 2024-11-21 | N/A |
| In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in copy to clipboard functionality. When a victim accesses the food list page, then adds a new Food with a malicious javascript payload in the ‘Name’ parameter and clicks on the clipboard icon, an XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover. | ||||
| CVE-2022-23072 | 1 Tandoor | 1 Recipes | 2024-11-21 | N/A |
| In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in “Add to Cart” functionality. When a victim accesses the food list page, then adds a new Food with a malicious javascript payload in the ‘Name’ parameter and clicks on the Add to Shopping Cart icon, an XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover. | ||||
| CVE-2022-23068 | 1 Tooljet | 1 Tooljet | 2024-11-21 | 5.4 Medium |
| ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail. | ||||
| CVE-2022-23065 | 1 Vendure | 1 Vendure | 2024-11-21 | 5.4 Medium |
| Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by a Stored XSS vulnerability, where an attacker having catalog permission can upload an SVG file that contains malicious JavaScript into the “Assets” tab. The uploaded file will affect administrators as well as regular users. | ||||
| CVE-2022-23060 | 1 Shopizer | 1 Shopizer | 2024-11-21 | 4.8 Medium |
| A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the “Manage files” tab. | ||||
| CVE-2022-23059 | 1 Shopizer | 1 Shopizer | 2024-11-21 | 4.8 Medium |
| A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code. | ||||
| CVE-2022-23058 | 1 Frappe | 1 Erpnext | 2024-11-21 | N/A |
| ERPNext versions v12.0.9-v13.0.3 are affected by a stored XSS vulnerability that allows low privileged users to store malicious scripts in the ‘username’ field in ‘my settings’ which can lead to full account takeover. | ||||
| CVE-2022-23057 | 1 Frappe | 1 Erpnext | 2024-11-21 | 5.4 Medium |
| In ERPNext, versions v12.0.9--v13.0.3 are vulnerable to Stored Cross-Site-Scripting (XSS), due to user input not being validated properly. A low privileged attacker could inject arbitrary code into input fields when editing his profile. | ||||
| CVE-2022-23056 | 1 Frappe | 1 Erpnext | 2024-11-21 | N/A |
| In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are vulnerable to Stored XSS at the Patient History page which allows a low privilege user to conduct an account takeover attack. | ||||
| CVE-2022-23054 | 1 Nasa | 1 Openmct | 2024-11-21 | 6.1 Medium |
| Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions. | ||||
| CVE-2022-23053 | 1 Nasa | 1 Openmct | 2024-11-21 | 6.1 Medium |
| Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions. | ||||
| CVE-2022-23051 | 1 Petereport Project | 1 Petereport | 2024-11-21 | 5.4 Medium |
| PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svg_file' parameter. | ||||
| CVE-2022-23049 | 1 Exponentcms | 1 Exponent Cms | 2024-11-21 | 5.4 Medium |
| Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session. | ||||