Total: 38456 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40676 | 1 Fortinet | 1 Fortinac | 2024-11-21 | N/A | 7.5 HIGH |
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests. | |||||
CVE-2022-40672 | 1 Wpchill | 1 Cpo Shortcodes | 2024-11-21 | N/A | 4.8 MEDIUM |
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CPO Shortcodes plugin <= 1.5.0 at WordPress. | |||||
CVE-2022-40631 | 1 Siemens | 60 Scalance X200-4p Irt, Scalance X200-4p Irt Firmware, Scalance X201-3p Irt and 57 more | 2024-11-21 | N/A | 6.1 MEDIUM |
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202-2P IRT PRO (All versions < V5.5.0), SCALANCE X204-2 (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X204IRT (All versions < V5.5.0), SCALANCE X204IRT PRO (All versions < V5.5.0), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < V5.5.0), SCALANCE XF202-2P IRT (All versions < V5.5.0), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204-2 (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < V5.5.0), SCALANCE XF204IRT (All versions < V5.5.0), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.0). There is a cross-site scripting vulnerability on the affected devices which, if used by a threat actor, could result in session hijacking. | |||||
CVE-2022-40626 | 2 Fedoraproject, Zabbix | 2 Fedora, Zabbix | 2024-11-21 | N/A | 4.8 MEDIUM |
An unauthenticated user can create a link with reflected JavaScript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend. | |||||
CVE-2022-40603 | 1 Zyxel | 38 Atp100, Atp100 Firmware, Atp100w and 35 more | 2024-11-21 | N/A | 4.7 MEDIUM |
A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victim’s browser. | |||||
CVE-2022-40440 | 1 Jgraph | 1 Mxgraph | 2024-11-21 | N/A | 6.1 MEDIUM |
mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the setTooltips() function. | |||||
CVE-2022-40365 | 1 Gocron Project | 1 Gocron | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in ouqiang gocron through 1.5.3 allows attackers to execute arbitrary code via scope.row.hostname in web/vue/src/pages/taskLog/list.vue. | |||||
CVE-2022-40325 | 1 Sysaid | 1 Help Desk | 2024-11-21 | N/A | 6.1 MEDIUM |
SysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, aka FR# 67262. | |||||
CVE-2022-40324 | 1 Sysaid | 1 Help Desk | 2024-11-21 | N/A | 6.1 MEDIUM |
SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR# 67258. | |||||
CVE-2022-40323 | 1 Sysaid | 1 Help Desk | 2024-11-21 | N/A | 6.1 MEDIUM |
SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241. | |||||
CVE-2022-40322 | 1 Sysaid | 1 Help Desk | 2024-11-21 | N/A | 6.1 MEDIUM |
SysAid Help Desk before 22.1.65 allows XSS, aka FR# 66542 and 65579. | |||||
CVE-2022-40317 | 1 Openkm | 1 Openkm | 2024-11-21 | N/A | 5.4 MEDIUM |
OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element. | |||||
CVE-2022-40311 | 1 Fatcatapps | 1 Analytics Cat | 2024-11-21 | N/A | 4.8 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress. | |||||
CVE-2022-40257 | 1 Cert | 1 Vince | 2024-11-21 | N/A | 5.4 MEDIUM |
An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field. | |||||
CVE-2022-40248 | 1 Cert | 1 Vince | 2024-11-21 | N/A | 5.4 MEDIUM |
An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a form using the "Product Affected" field. | |||||
CVE-2022-40215 | 1 Tabs Project | 1 Tabs | 2024-11-21 | N/A | 3.4 LOW |
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in Tabs plugin <= 3.7.1 at WordPress. | |||||
CVE-2022-40213 | 1 Gsplugins | 1 Gs Testimonial Slider | 2024-11-21 | N/A | 4.1 MEDIUM |
Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in GS Testimonial Slider plugin <= 1.9.6 at WordPress. | |||||
CVE-2022-40211 | | | 2024-11-21 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS. This issue affects GiveWP: from n/a through 2.25.1. | |||||
CVE-2022-40209 | 1 Xylusthemes | 1 Wp Smart Import | 2024-11-21 | N/A | 6.1 MEDIUM |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xylus Themes WP Smart Import plugin <= 1.0.2 on WordPress. | |||||
CVE-2022-40204 | 1 Digitalalertsystems | 10 Dasdec I, Dasdec I Firmware, Dasdec Ii and 7 more | 2024-11-21 | N/A | 4.1 MEDIUM |
A cross-site scripting (XSS) vulnerability exists in all current versions of Digital Alert Systems DASDEC software via the Host Header in undisclosed pages after login. |