Total
38405 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30982 | 1 Gentics | 1 Gentics Cms | 2024-11-21 | N/A | 5.4 MEDIUM |
| An issue was discovered in Gentics CMS before 5.43.1. There is stored XSS in the profile description and in the username. | |||||
| CVE-2022-30970 | 1 Jenkins | 1 Autocomplete Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30968 | 1 Jenkins | 1 Vboxwrapper | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30967 | 1 Jenkins | 1 Selection Tasks | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30965 | 1 Jenkins | 1 Promoted Builds | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30964 | 1 Jenkins | 1 Multiselect Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape the name and description of Multiselect parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30963 | 1 Jenkins | 1 Jdk Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30962 | 1 Jenkins | 1 Global Variable String Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Global Variable String Parameter Plugin 1.2 and earlier does not escape the name and description of Global Variable String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30961 | 1 Jenkins | 1 Autocomplete Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30960 | 1 Jenkins | 1 Application Detector | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Application Detector Plugin 1.0.8 and earlier does not escape the name of Chois Application Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30956 | 1 Jenkins | 1 Rundeck | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads. | |||||
| CVE-2022-30903 | 1 Nokia | 2 G-2425g-a, G-2425g-a Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management. | |||||
| CVE-2022-30899 | 1 Partkeepr | 1 Partkeepr | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the 'name' field in /api/part_categories. | |||||
| CVE-2022-30875 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page. | |||||
| CVE-2022-30874 | 1 Nukeviet | 1 Nukeviet | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02. | |||||
| CVE-2022-30863 | 1 Fudforum | 1 Fudforum | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel. | |||||
| CVE-2022-30861 | 1 Fudforum | 1 Fudforum | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature. | |||||
| CVE-2022-30842 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname. | |||||
| CVE-2022-30839 | 1 Room Rent Portal Site Project | 1 Room Rent Portal Site | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name. | |||||
| CVE-2022-30777 | 1 Parallels | 1 H-sphere | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter. | |||||