Total: 38440 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-38758 | 1 Netiq | 1 Imanager | 2024-11-21 | N/A | 7.2 HIGH |
Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows an attacker to execute malicious scripts in the user's browser. This issue affects: Micro Focus NetIQ iManager versions prior to 3.2.6 on ALL. | |||||
CVE-2022-38754 | 1 Microfocus | 2 Operations Bridge, Operations Bridge Manager | 2024-11-21 | N/A | 8.0 HIGH |
A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run JavaScript in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited by a malicious authenticated OBM user to run JavaScript in the browser context of another OBM user. This issue affects: Micro Focus Operations Bridge Manager versions prior to 2022.11. Micro Focus Operations Bridge - Containerized versions prior to 2022.11. | |||||
CVE-2022-38709 | 2 Ibm, Microsoft | 2 Robotic Process Automation For Cloud Pak, Windows | 2024-11-21 | N/A | 6.1 MEDIUM |
IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 234291. | |||||
CVE-2022-38703 | 1 Maxfoundry | 1 Maxbuttons | 2024-11-21 | N/A | 3.4 LOW |
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Foundry Button Plugin MaxButtons plugin <= 9.2 at WordPress | |||||
CVE-2022-38664 | 1 Jenkins | 1 Job Configuration History | 2024-11-21 | N/A | 5.4 MEDIUM |
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names. | |||||
CVE-2022-38653 | 1 Hcltech | 1 Digital Experience | 2024-11-21 | N/A | 2.0 LOW |
In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded. | |||||
CVE-2022-38639 | 1 Inkdrop | 1 Markdown Nice | 2024-11-21 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in Markdown-Nice v1.8.22 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Community Posting field. | |||||
CVE-2022-38545 | 1 Valine.js | 1 Valine | 2024-11-21 | N/A | 9.6 CRITICAL |
Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request. | |||||
CVE-2022-38467 | 1 Crmperks | 1 Crm Perks Forms | 2024-11-21 | N/A | 6.1 MEDIUM |
Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder <= 1.1.0 ver. | |||||
CVE-2022-38463 | 1 Servicenow | 1 Servicenow | 2024-11-21 | N/A | 6.1 MEDIUM |
ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality. | |||||
CVE-2022-38460 | 1 Notice Board Project | 1 Notice Board | 2024-11-21 | N/A | 5.4 MEDIUM |
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NOTICE BOARD plugin <= 1.1 at WordPress. | |||||
CVE-2022-38439 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | |||||
CVE-2022-38438 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | |||||
CVE-2022-38390 | 1 Ibm | 1 Business Automation Workflow | 2024-11-21 | N/A | 5.4 MEDIUM |
Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978. | |||||
CVE-2022-38379 | 1 Fortinet | 1 Fortisoar | 2024-11-21 | N/A | 3.5 LOW |
Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR. | |||||
CVE-2022-38376 | 1 Fortinet | 1 Fortinac | 2024-11-21 | N/A | 6.1 MEDIUM |
Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allow an attacker to perform an XSS attack via crafted HTTP requests. | |||||
CVE-2022-38374 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | N/A | 8.8 HIGH |
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event logviews. | |||||
CVE-2022-38373 | 1 Fortinet | 1 Fortideceptor | 2024-11-21 | N/A | 8.0 HIGH |
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross site scripting (XSS) attack via sending requests with specially crafted lure resource ID. | |||||
CVE-2022-38358 | 1 Eyeofnetwork | 1 Eyes Of Network Web | 2024-11-21 | N/A | 6.1 MEDIUM |
Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/admin_notifiers/rules.php and /module/report_event/indext.php via the parameters rule_notification, rule_name, and rule_name_old, and at /module/admin_user/add_modify_user.php via the parameters user_name and user_email. | |||||
CVE-2022-38339 | 1 Safe | 1 Fme Server | 2024-11-21 | N/A | 9.6 CRITICAL |
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page. |