Total
38431 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34163 | 1 Ibm | 1 Cics Tx | 2024-11-21 | N/A | 6.1 MEDIUM |
| IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333. | |||||
| CVE-2022-34160 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330. | |||||
| CVE-2022-34148 | 1 Jetbackup | 1 Jetbackup | 2024-11-21 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JetBackup JetBackup – WP Backup, Migrate & Restore plugin <= 1.6.9.0 versions. | |||||
| CVE-2022-34140 | 1 Feehi | 1 Feehi Cms | 2024-11-21 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field. | |||||
| CVE-2022-34133 | 1 Jorani | 1 Jorani | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php. | |||||
| CVE-2022-34094 | 1 Softwarepublico | 1 I3geo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php. | |||||
| CVE-2022-34093 | 1 Softwarepublico | 1 I3geo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php. | |||||
| CVE-2022-34092 | 1 Softwarepublico | 1 I3geo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php. | |||||
| CVE-2022-34048 | 1 Wavlink | 2 Wn533a8, Wn533a8 Firmware | 2024-11-21 | N/A | 6.1 MEDIUM |
| Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter. | |||||
| CVE-2022-34025 | 1 Vestacp | 1 Vesta Control Panel | 2024-11-21 | N/A | 6.1 MEDIUM |
| Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the post function at /web/api/v1/upload/UploadHandler.php. | |||||
| CVE-2022-34009 | 2 Fossil-scm, Microsoft | 2 Fossil, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
| Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. This occurs because the ticket data is stored in a temporary file, and the product does not properly handle the absence of this file after Windows Defender has flagged it as malware. | |||||
| CVE-2022-34007 | 1 Eqs | 1 Integrity Line | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| EQS Integrity Line Professional through 2022-07-01 allows a stored XSS via a crafted whistleblower entry. | |||||
| CVE-2022-33994 | 1 Gutenberg Project | 1 Gutenberg | 2024-11-21 | N/A | 3.0 LOW |
| The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators. | |||||
| CVE-2022-33978 | 1 Fontmeister Project | 1 Fontmeister | 2024-11-21 | N/A | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) vulnerability FontMeister plugin <= 1.08 at WordPress. | |||||
| CVE-2022-33961 | 1 Waspthemes | 1 Visual Css Style Editor | 2024-11-21 | N/A | 4.0 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WaspThemes Visual CSS Style Editor plugin <= 7.5.8 versions. | |||||
| CVE-2022-33943 | 1 Bxslider Wp Project | 1 Bxslider Wp | 2024-11-21 | N/A | 5.4 MEDIUM |
| Authenticated (contributor or higher user role) Cross-Site Scripting (XSS) vulnerability in Nico Amarilla's BxSlider WP plugin <= 2.0.0 at WordPress. | |||||
| CVE-2022-33935 | 1 Dell | 1 Emc Data Protection Advisor | 2024-11-21 | N/A | 5.4 MEDIUM |
| Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||
| CVE-2022-33934 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 7.7 HIGH |
| Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges may potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected fields. | |||||
| CVE-2022-33929 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 6.1 MEDIUM |
| Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in EndUserSummary page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||
| CVE-2022-33910 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScript code to execute. | |||||