Total: 38456 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41941 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 6.2 MEDIUM |
GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6, are subject to Cross-site Scripting. An administrator may store malicious code in help links. This issue is patched in 10.0.6. | |||||
CVE-2022-41938 | 1 Flarum | 1 Flarum | 2024-11-21 | N/A | 9.0 CRITICAL |
Flarum is an open source discussion platform. Flarum's page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after `v1.5` and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title input, either by creating a new discussion or renaming one. The XSS attack occurs after a visitor opens the relevant discussion page. All communities running Flarum from `v1.5.0` to `v1.6.1` are impacted. The vulnerability has been fixed and published as flarum/core `v1.6.2`. All communities running Flarum from `v1.5.0` to `v1.6.1` have to upgrade as soon as possible to v1.6.2. There are no known workarounds for this issue. | |||||
CVE-2022-41905 | 1 Wsgidav Project | 1 Wsgidav | 2024-11-21 | N/A | 8.2 HIGH |
WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched; users can upgrade to version 4.1.0. As a workaround, set `dir_browser.enable = False` in the configuration. | |||||
CVE-2022-41831 | 1 Wp Glossary Project | 1 Wp Glossary | 2024-11-21 | N/A | 5.4 MEDIUM |
Auth. (contributor+) Cross-Site Scripting vulnerability in TCBarrett WP Glossary plugin <= 3.1.2 versions. | |||||
CVE-2022-41814 | 1 Hallowelt | 1 Bluespice | 2024-11-21 | N/A | 3.3 LOW |
Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage. | |||||
CVE-2022-41789 | 1 Hallowelt | 1 Bluespice | 2024-11-21 | N/A | 3.3 LOW |
Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage. | |||||
CVE-2022-41788 | 1 Pencidesign | 1 Soledad | 2024-11-21 | N/A | 5.4 MEDIUM |
Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress. | |||||
CVE-2022-41785 | 1 Robogallery | 1 Gallery Images Ape | 2024-11-21 | N/A | 5.4 MEDIUM |
Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Galleryape Gallery Images Ape plugin <= 2.2.8 versions. | |||||
CVE-2022-41762 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-11-21 | N/A | 6.1 MEDIUM |
An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl. | |||||
CVE-2022-41735 | 1 Ibm | 1 Business Automation Workflow | 2024-11-21 | N/A | 5.4 MEDIUM |
IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2, and 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687. | |||||
CVE-2022-41702 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.7 HIGH |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. | |||||
CVE-2022-41701 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.7 HIGH |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. | |||||
CVE-2022-41679 | 1 Formalms | 1 Formalms | 2024-11-21 | N/A | 4.7 MEDIUM |
Forma LMS version 3.1.0 and earlier are affected by a Cross-Site Scripting vulnerability that could allow a remote attacker to inject JavaScript code through the “back_url” parameter of the appLms/index.php?modname=faq&op=play function. The exploitation of this vulnerability could allow an attacker to steal the user's cookies in order to log in to the application. | |||||
CVE-2022-41676 | 1 Raidenmaild | 1 Raidenmaild | 2024-11-21 | N/A | 5.4 MEDIUM |
Raiden MAILD Mail Server's website mail field has insufficient filtering for user input. A remote attacker with general user privilege can send email using the website with malicious JavaScript in the input field, which triggers an XSS (Reflected Cross-Site Scripting) attack against the mail recipient. | |||||
CVE-2022-41651 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.7 HIGH |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. | |||||
CVE-2022-41643 | 1 Accessibility Project | 1 Accessibility | 2024-11-21 | N/A | 4.8 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Accessibility plugin <= 1.0.3 on WordPress. | |||||
CVE-2022-41640 | 1 Rymera | 1 Wholesale Suite | 2024-11-21 | N/A | 6.5 MEDIUM |
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Rymera Web Co Wholesale Suite plugin <= 2.1.5 versions. | |||||
CVE-2022-41638 | 1 Chop-chop | 1 Pop-up Chop Chop | 2024-11-21 | N/A | 5.4 MEDIUM |
Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin <= 2.1.7 on WordPress. | |||||
CVE-2022-41615 | 1 Agilelogix | 1 Store Locator | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress. | |||||
CVE-2022-41612 | 1 Shareaholic | 1 Similar Posts | 2024-11-21 | N/A | 5.9 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shareaholic Similar Posts plugin <= 3.1.6 versions. |