Total: 38440 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-38188 | 1 Esri | 1 Portal For Arcgis | 2024-11-21 | N/A | 6.1 MEDIUM |
There is a reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9.1 which may allow a remote attacker who is able to convince a user to click on a crafted link to potentially execute arbitrary JavaScript code in the victim’s browser. | |||||
CVE-2022-38186 | 1 Esri | 1 Portal For Arcgis | 2024-11-21 | N/A | 6.1 MEDIUM |
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker who is able to convince a user to click on a crafted link to potentially execute arbitrary JavaScript code in the victim’s browser. | |||||
CVE-2022-38172 | 1 Servicenow | 1 Servicenow | 2024-11-21 | N/A | 6.1 MEDIUM |
ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard. | |||||
CVE-2022-38114 | 1 Solarwinds | 1 Security Event Manager | 2024-11-21 | N/A | 6.1 MEDIUM |
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS. | |||||
CVE-2022-38110 | 1 Solarwinds | 1 Database Performance Analyzer | 2024-11-21 | N/A | 5.4 MEDIUM |
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. | |||||
CVE-2022-38106 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | N/A | 5.4 MEDIUM |
This vulnerability occurs in the Serv-U web client, versions 15.3.0 to 15.3.1, and affects the directory creation function. | |||||
CVE-2022-38089 | 1 Exceedone | 2 Exment, Laravel-admin | 2024-11-21 | N/A | 5.4 MEDIUM |
Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script. | |||||
CVE-2022-38080 | 1 Exceedone | 2 Exment, Laravel-admin | 2024-11-21 | N/A | 5.4 MEDIUM |
Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script. | |||||
CVE-2022-38075 | 1 Webartesanal | 1 Mantenimiento Web | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin <= 0.13 on WordPress. | |||||
CVE-2022-38073 | 1 Getawesomesupport | 1 Awesome Support | 2024-11-21 | N/A | 5.4 MEDIUM |
Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerability in Awesome Support plugin <= 6.0.7 at WordPress. | |||||
CVE-2022-38068 | 1 Apasionados | 1 Export Post Info | 2024-11-21 | N/A | 4.8 MEDIUM |
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apasionados Export Post Info plugin <= 1.1.0 at WordPress. | |||||
CVE-2022-38055 | 1 Gvectors | 1 Wpforo Forum | 2024-11-21 | N/A | 4.3 MEDIUM |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing. This issue affects wpForo Forum: from n/a through 2.0.9. | |||||
CVE-2022-37952 | 1 Ge | 1 Workstationst | 2024-11-21 | N/A | 4.7 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability in the iHistorian Data Display of WorkstationST (<v07.09.15) could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments, rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater. | |||||
CVE-2022-37896 | 2 Arubanetworks, Siemens | 4 Arubaos, Instant, Scalance W1750d and 1 more | 2024-11-21 | N/A | 6.1 MEDIUM |
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below. Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. | |||||
CVE-2022-37892 | 2 Arubanetworks, Siemens | 4 Arubaos, Instant, Scalance W1750d and 1 more | 2024-11-21 | N/A | 5.4 MEDIUM |
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below. Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. | |||||
CVE-2022-37830 | 1 Webjet | 1 Webjet Cms | 2024-11-21 | N/A | 9.6 CRITICAL |
Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS). | |||||
CVE-2022-37796 | 1 Oretnom23 | 1 Simple Online Book Store System | 2024-11-21 | N/A | 5.4 MEDIUM |
In Simple Online Book Store System 1.0, the Title, Author, and Description parameters in /admin_book.php are vulnerable to Cross Site Scripting (XSS). | |||||
CVE-2022-37775 | 1 Genesys | 1 Pureconnect | 2024-11-21 | N/A | 6.1 MEDIUM |
Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26-September-2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter. | |||||
CVE-2022-37731 | 1 Ftcms | 1 Ftcms | 2024-11-21 | N/A | 6.1 MEDIUM |
ftcms 2.1 poster.PHP has an XSS vulnerability. The attacker inserts malicious JavaScript code into the web page, causing the user / administrator to trigger the malicious code when accessing it. | |||||
CVE-2022-37724 | 1 Apple | 1 Webobjects | 2024-11-21 | N/A | 6.1 MEDIUM |
Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces. |