Total
38432 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34834 | 1 Vermeg | 1 Agile Reporter | 2024-11-21 | N/A | 4.8 MEDIUM |
| An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log. | |||||
| CVE-2022-34833 | 1 Vermeg | 1 Agile Reporter | 2024-11-21 | N/A | 5.4 MEDIUM |
| An issue was discovered in VERMEG AgileReporter 21.3. An admin can enter an XSS payload in the Analysis component. | |||||
| CVE-2022-34795 | 1 Jenkins | 1 Deployment Dashboard | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. | |||||
| CVE-2022-34791 | 1 Jenkins | 1 Validating Email Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34790 | 1 Jenkins | 1 Extreme Feedback Panel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34788 | 1 Jenkins | 1 Matrix Reloaded | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | |||||
| CVE-2022-34787 | 1 Jenkins | 1 Project Inheritance | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked. | |||||
| CVE-2022-34786 | 1 Jenkins | 1 Rich Text Publisher | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. | |||||
| CVE-2022-34784 | 1 Jenkins | 1 Build-metrics | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission. | |||||
| CVE-2022-34783 | 1 Jenkins | 1 Plot | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34778 | 1 Jenkins | 1 Testng Results | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or control test results. | |||||
| CVE-2022-34777 | 1 Jenkins | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34768 | 1 Supersmart | 1 Supersmart.me - Walk Through | 2024-11-21 | N/A | 6.5 MEDIUM |
| insert HTML / js code inside input how to get to the vulnerable input : Workers > worker nickname > inject in this input the code. | |||||
| CVE-2022-34656 | 1 Wpdevart | 1 Poll\, Survey\, Questionnaire And Voting System | 2024-11-21 | N/A | 4.8 MEDIUM |
| Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability in wpdevart Poll, Survey, Questionnaire and Voting system plugin <= 1.7.4 at WordPress. | |||||
| CVE-2022-34650 | 1 Wpwax | 1 Team | 2024-11-21 | N/A | 4.1 MEDIUM |
| Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress. | |||||
| CVE-2022-34648 | 1 Uploading Svg\, Webp And Ico Files Project | 1 Uploading Svg\, Webp And Ico Files | 2024-11-21 | N/A | 4.8 MEDIUM |
| Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. | |||||
| CVE-2022-34619 | 1 Mealie Project | 1 Mealie | 2024-11-21 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field. | |||||
| CVE-2022-34618 | 1 Mealie Project | 1 Mealie | 2024-11-21 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field. | |||||
| CVE-2022-34611 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2024-11-21 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /index.php/?p=report of Online Fire Reporting System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "Contac #" text field. | |||||
| CVE-2022-34594 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2024-11-21 | N/A | 4.8 MEDIUM |
| Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component ip/school/moudel/update_subject.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Subject text field. | |||||