Total: 38456 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41262 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | N/A | 6.1 MEDIUM |
Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. On successful exploitation, an attacker can view or modify information causing a limited impact on the confidentiality and integrity of the application. | |||||
CVE-2022-41260 | 1 Sap | 1 Financial Consolidation | 2024-11-21 | N/A | 6.1 MEDIUM |
SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | |||||
CVE-2022-41258 | 1 Sap | 1 Financial Consolidation | 2024-11-21 | N/A | 6.5 MEDIUM |
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality, integrity and availability of the application. | |||||
CVE-2022-41208 | 1 Sap | 1 Financial Consolidation | 2024-11-21 | N/A | 5.4 MEDIUM |
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. On successful exploitation, the attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application. | |||||
CVE-2022-41136 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress. | |||||
CVE-2022-41132 | 1 Ezoic | 1 Ezoic | 2024-11-21 | N/A | 6.1 MEDIUM |
Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress. | |||||
CVE-2022-40968 | 1 2kblater | 1 2kb Amazon Affiliates Store | 2024-11-21 | N/A | 4.8 MEDIUM |
Reflected Cross-Site Scripting (XSS) vulnerability in 2kb Amazon Affiliates Store plugin <=2.1.5 on WordPress. | |||||
CVE-2022-40965 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.7 HIGH |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. | |||||
CVE-2022-40963 | 1 Themeum | 1 Wp Page Builder | 2024-11-21 | N/A | 4.8 MEDIUM |
Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabilities in WP Page Builder plugin <= 1.2.6 on WordPress. | |||||
CVE-2022-40778 | 1 Opswat | 1 Metadefender | 2024-11-21 | N/A | 5.4 MEDIUM |
A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response. | |||||
CVE-2022-40753 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.4 MEDIUM |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236688. | |||||
CVE-2022-40750 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | N/A | 5.4 MEDIUM |
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588. | |||||
CVE-2022-40744 | 1 Ibm | 1 Aspera Faspex | 2024-11-21 | N/A | 4.8 MEDIUM |
IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441. | |||||
CVE-2022-40739 | 1 Ragic | 1 Ragic | 2024-11-21 | N/A | 5.4 MEDIUM |
Ragic report generation page has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript to perform XSS (Reflected Cross-Site Scripting) attack. | |||||
CVE-2022-40714 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | N/A | 6.1 MEDIUM |
An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/* endpoints. | |||||
CVE-2022-40699 | 1 Yasr - Yet Another Stars Rating Project | 1 Yasr - Yet Another Stars Rating | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-Site Scripting (XSS) vulnerability in Dario Curvino Yasr – Yet Another Stars Rating plugin <= 3.1.2 versions. | |||||
CVE-2022-40698 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | N/A | 5.4 MEDIUM |
Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. | |||||
CVE-2022-40697 | 1 3commarketing | 1 3com-asesor-de-cookies | 2024-11-21 | N/A | 4.8 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 3com – Asesor de Cookies para normativa española plugin <= 3.4.3 versions. | |||||
CVE-2022-40694 | 1 Storeapps | 1 News Announcement Scroll | 2024-11-21 | N/A | 4.8 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News Announcement Scroll plugin <= 8.8.8 on WordPress. | |||||
CVE-2022-40680 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A | 4.0 MEDIUM |
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiOS 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9 and 7.0.0 - 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages. |