Total: 38456 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3895 | 1 Hallowelt | 2 Bluespice, Common User Interface | 2024-11-21 | N/A | 4.0 MEDIUM |
Some UI elements of the Common User Interface Component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS). | |||||
CVE-2022-3893 | 1 Hallowelt | 1 Bluespice | 2024-11-21 | N/A | 2.3 LOW |
Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu extension of BlueSpice allows user with admin permissions to inject arbitrary HTML into the custom menu navigation of the application. | |||||
CVE-2022-3877 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | N/A | 3.5 LOW |
A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected is an unknown function of the component URL Field Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-216246 is the identifier assigned to this vulnerability. | |||||
CVE-2022-3873 | 1 Diagrams | 1 Drawio | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2. | |||||
CVE-2022-3869 | 1 Froxlor | 1 Froxlor | 2024-11-21 | N/A | 6.1 MEDIUM |
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. | |||||
CVE-2022-3845 | 1 Phpipam | 1 Phpipam | 2024-11-21 | N/A | 2.4 LOW |
A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.0 is able to address this issue. The name of the patch is 22c797c3583001211fe7d31bccd3f1d4aeeb3bbc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-212863. | |||||
CVE-2022-3844 | 1 Webmin | 1 Webmin | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to address this issue. The patch is identified as d3d33af3c0c3fd3a889c84e287a038b7a457d811. It is recommended to upgrade the affected component. VDB-212862 is the identifier assigned to this vulnerability. | |||||
CVE-2022-3804 | 1 Eolink | 1 Apinto-dashboard | 2024-11-21 | N/A | 4.3 MEDIUM |
A vulnerability was found in eolinker apinto-dashboard. It has been classified as problematic. Affected is an unknown function of the file /login. The manipulation of the argument callback leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212640. | |||||
CVE-2022-3803 | 1 Eolink | 1 Apinto-dashboard | 2024-11-21 | N/A | 3.5 LOW |
A vulnerability was found in eolinker apinto-dashboard and classified as problematic. This issue affects some unknown processing of the file /api/discoveries/. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212639. | |||||
CVE-2022-3783 | 1 Nodered | 1 Node-red-dashboard | 2024-11-21 | N/A | 3.5 LOW |
A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9305d1a82f19b235dfad24a7d1dd4ed244db7743. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212555. | |||||
CVE-2022-3766 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | |||||
CVE-2022-3765 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | |||||
CVE-2022-3716 | 1 Oretnom23 | 1 Online Medicine Ordering System | 2024-11-21 | N/A | 3.5 LOW |
A vulnerability classified as problematic was found in SourceCodester Online Medicine Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /omos/admin/?page=user/list. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-212347. | |||||
CVE-2022-3704 | 1 Rubyonrails | 1 Rails | 2024-11-21 | N/A | 3.5 LOW |
A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is be177e4566747b73ff63fd5f529fab564e475ed4. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212319. NOTE: Maintainer declares that there isn’t a valid attack vector. The issue was wrongly reported as a security vulnerability by a non-member of the Rails team. | |||||
CVE-2022-3695 | 1 Hitachivantara | 1 Pentaho Business Analytics | 2024-11-21 | N/A | 6.5 MEDIUM |
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.3.0.0, 9.2.0.4 and 8.3.0.27 allow a malicious URL to inject content into a dashboard when the CDE plugin is present. | |||||
CVE-2022-3673 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2024-11-21 | N/A | 3.5 LOW |
A vulnerability, which was classified as problematic, was found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the file /php-sms/classes/Master.php. The manipulation of the argument message leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-212016. | |||||
CVE-2022-3672 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2024-11-21 | N/A | 3.5 LOW |
A vulnerability, which was classified as problematic, has been found in SourceCodester Sanitization Management System 1.0. This issue affects some unknown processing of the file /php-sms/classes/SystemSettings.php. The manipulation of the argument name/shortname leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-212015. | |||||
CVE-2022-3608 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 8.4 HIGH |
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha. | |||||
CVE-2022-3587 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2024-11-21 | N/A | 3.5 LOW |
A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component My Account. The manipulation of the argument First Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211201 was assigned to this vulnerability. | |||||
CVE-2022-3581 | 1 Oretnom23 | 1 Cashier Queuing System | 2024-11-21 | N/A | 2.4 LOW |
A vulnerability, which was classified as problematic, was found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the component Cashiers Tab. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-211188. |