Total: 38440 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-36880 | 1 Webmin | 2 Usermin, Webmin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message. | |||||
CVE-2022-36859 | 1 Samsung | 1 Smarttagplugin | 2024-11-21 | N/A | 5.7 MEDIUM |
Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victim's devices. | |||||
CVE-2022-36801 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | N/A | 6.1 MEDIUM |
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8. | |||||
CVE-2022-36796 | 1 Callrail | 1 Callrail Phone Call Tracking | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in CallRail, Inc. CallRail Phone Call Tracking plugin <= 0.4.9 at WordPress. | |||||
CVE-2022-36791 | 1 Awesome | 1 Torro Forms | 2024-11-21 | N/A | 5.4 MEDIUM |
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Awesome UG Torro Forms plugin <= 1.0.16 at WordPress. | |||||
CVE-2022-36778 | 1 Synel | 1 Eharmony | 2024-11-21 | N/A | 6.5 MEDIUM |
HTML/JS code can be inserted into an input field. How to reach the vulnerable input: Workers > worker nickname; the code is injected into this input. | |||||
CVE-2022-36776 | 2 Ibm, Linux | 2 Cloud Pak For Security, Linux Kernel | 2024-11-21 | N/A | 5.4 MEDIUM |
IBM Cloud Pak for Security (CP4S) 1.10.0.0 and 1.10.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233663. | |||||
CVE-2022-36748 | 1 Picuploader Project | 1 Picuploader | 2024-11-21 | N/A | 6.1 MEDIUM |
PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /master/index.php. | |||||
CVE-2022-36747 | 1 Cobub | 1 Razor | 2024-11-21 | N/A | 6.1 MEDIUM |
Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the function uploadchannel(). | |||||
CVE-2022-36746 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A | 6.1 MEDIUM |
LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php. | |||||
CVE-2022-36745 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A | 6.1 MEDIUM |
LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component print-customoid.php. | |||||
CVE-2022-36668 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 5.4 MEDIUM |
Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. The vulnerabilities exist when creating or editing parts, under the parts parameters. With an XSS payload, the stored XSS is triggered and can be used as a further attack vector. | |||||
CVE-2022-36657 | 1 Library Management System Project | 1 Library Management System | 2024-11-21 | N/A | 4.8 MEDIUM |
Library Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /librarian/edit_book_details.php. | |||||
CVE-2022-36639 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | |||||
CVE-2022-36637 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 5.4 MEDIUM |
Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php. | |||||
CVE-2022-36600 | 1 Blogengine | 1 Blogengine.net | 2024-11-21 | N/A | 4.8 MEDIUM |
BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field. | |||||
CVE-2022-36583 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A | 6.1 MEDIUM |
DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters. | |||||
CVE-2022-36573 | 1 Pagekit | 1 Pagekit | 2024-11-21 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit. | |||||
CVE-2022-36548 | 1 Edoc-doctor-appointment-system Project | 1 Edoc-doctor-appointment-system | 2024-11-21 | N/A | 5.4 MEDIUM |
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field. | |||||
CVE-2022-36547 | 1 Edoc-doctor-appointment-system Project | 1 Edoc-doctor-appointment-system | 2024-11-21 | N/A | 6.1 MEDIUM |
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field. |