Total
38406 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31402 | 1 Combodo | 1 Itop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php. | |||||
| CVE-2022-31400 | 1 Helpdeskz | 1 Helpdeskz | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /staff/setup/email-addresses of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. | |||||
| CVE-2022-31398 | 1 Helpdeskz | 1 Helpdeskz | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /staff/tools/custom-fields of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. | |||||
| CVE-2022-31373 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php. | |||||
| CVE-2022-31303 | 1 Maccms | 1 Maccms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. | |||||
| CVE-2022-31302 | 1 Maccms | 1 Maccms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. | |||||
| CVE-2022-31301 | 1 Angtech | 1 Haraj | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Haraj v3.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Post Ads component. | |||||
| CVE-2022-31300 | 1 Angtech | 1 Haraj | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | |||||
| CVE-2022-31299 | 1 Angtech | 1 Haraj | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Haraj v3.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the User Upgrade Form. | |||||
| CVE-2022-31298 | 1 Angtech | 1 Haraj | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | |||||
| CVE-2022-31290 | 1 Withknown | 1 Known | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field. | |||||
| CVE-2022-31201 | 1 Monitoringsoft | 1 Softguard Web | 2024-11-21 | N/A | 5.4 MEDIUM |
| SoftGuard Web (SGW) before 5.1.5 allows HTML injection. | |||||
| CVE-2022-31200 | 1 Atmail | 1 Atmail | 2024-11-21 | N/A | 6.1 MEDIUM |
| Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&FirstLoad=1&HelpFile=file.html Search Terms field. | |||||
| CVE-2022-31192 | 1 Duraspace | 1 Dspace | 2024-11-21 | N/A | 7.1 HIGH |
| DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2022-31191 | 1 Duraspace | 1 Dspace | 2024-11-21 | N/A | 7.1 HIGH |
| DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-31187 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 6.8 MEDIUM |
| GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions were found to not properly neutralize HTML tags in the global search context. Users are advised to upgrade to version 10.0.3 to resolve this issue. Users unable to upgrade should disable global search. | |||||
| CVE-2022-31175 | 1 Ckeditor | 3 Ckeditor5-html-embed, Ckeditor5-html-support, Ckeditor5-markdown-gfm | 2024-11-21 | N/A | 5.8 MEDIUM |
| CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5's packages in versions prior to 35.0.1. The vulnerability allowed to trigger a JavaScript code after fulfilling special conditions. The affected packages are `@ckeditor/ckeditor5-markdown-gfm`, `@ckeditor/ckeditor5-html-support`, and `@ckeditor/ckeditor5-html-embed`. The specific conditions are 1) Using one of the affected packages. In case of `ckeditor5-html-support` and `ckeditor5-html-embed`, additionally, it was required to use a configuration that allows unsafe markup inside the editor. 2) Destroying the editor instance and 3) Initializing the editor on an element and using an element other than `<textarea>` as a base. The root cause of the issue was a mechanism responsible for updating the source element with the markup coming from the CKEditor 5 data pipeline after destroying the editor. This vulnerability might affect a small percent of integrators that depend on dynamic editor initialization/destroy and use Markdown, General HTML Support or HTML embed features. The problem has been recognized and patched. The fix is available in version 35.0.1. There are no known workarounds for this issue. | |||||
| CVE-2022-31160 | 5 Debian, Drupal, Fedoraproject and 2 more | 15 Debian Linux, Jquery Ui Checkboxradio, Fedora and 12 more | 2024-11-21 | N/A | 6.1 MEDIUM |
| jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`. | |||||
| CVE-2022-31148 | 1 Shopware | 1 Shopware | 2024-11-21 | N/A | 5.4 MEDIUM |
| Shopware is an open source e-commerce software. In versions from 5.7.0 a persistent cross site scripting (XSS) vulnerability exists in the customer module. Users are recommend to update to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue. | |||||
| CVE-2022-31136 | 1 Joinbookwyrm | 1 Bookwyrm | 2024-11-21 | 4.3 MEDIUM | 6.3 MEDIUM |
| Bookwyrm is an open source social reading and reviewing program. Versions of Bookwyrm prior to 0.4.1 did not properly sanitize html being rendered to users. Unprivileged users are able to inject scripts into user profiles, book descriptions, and statuses. These vulnerabilities may be exploited as cross site scripting attacks on users viewing these fields. Users are advised to upgrade to version 0.4.1. There are no known workarounds for this issue. | |||||