Total: 38404 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-30517 | 1 Mogublog Project | 1 Mogublog | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS). | |||||
CVE-2022-30514 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126. | |||||
CVE-2022-30513 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125. | |||||
CVE-2022-30494 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs. | |||||
CVE-2022-30489 | 1 Wavlink | 2 Wn535g3, Wn535g3 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi. | |||||
CVE-2022-30482 | 1 Ecommerce-project-with-php-and-mysqli-fruits-bazar Project | 1 Ecommerce-project-with-php-and-mysqli-fruits-bazar | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \admin\add_cata.php via the ctg_name parameters. | |||||
CVE-2022-30464 | 1 Chatbot App With Suggestion Project | 1 Chatbot App With Suggestion | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response. | |||||
CVE-2022-30462 | 1 Water Billing System Project | 1 Water Billing System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname. | |||||
CVE-2022-30460 | 1 Simple Social Networking Site Project | 1 Simple Social Networking Site | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname. | |||||
CVE-2022-30458 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name. | |||||
CVE-2022-30456 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental. | |||||
CVE-2022-30429 | 1 Neos | 1 Neos Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also be present in all intermediate versions. | |||||
CVE-2022-30349 | 1 Sscms | 1 Siteserver Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). | |||||
CVE-2022-30326 | 1 Trendnet | 2 Tew-831dr, Tew-831dr Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS payload to crash the basic.config page of the web interface. | |||||
CVE-2022-30304 | 1 Fortinet | 1 Fortianalyzer | 2024-11-21 | N/A | 4.3 MEDIUM |
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAnalyzer versions prior to 7.2.1, 7.0.4 and 6.4.8 may allow a remote unauthenticated attacker to perform a stored cross site scripting (XSS) attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer. | |||||
CVE-2022-30289 | 1 Citeum | 1 Opencti | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the file location. | |||||
CVE-2022-30278 | 1 Synopsys | 1 Black Duck Hub | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in Black Duck Hub’s embedded MadCap Flare documentation files could allow an unauthenticated remote attacker to conduct a cross-site scripting attack. The vulnerability is due to improper validation of user-supplied input to MadCap Flare's framework embedded within Black Duck Hub's Help Documentation to supply content. An attacker could exploit this vulnerability by convincing a user to click a link designed to pass malicious input to the interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks and gain access to sensitive browser-based information. | |||||
CVE-2022-30241 | 1 Jquery Json-viewer Project | 1 Jquery Json-viewer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element. | |||||
CVE-2022-30120 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1 with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/) for reporting. | |||||
CVE-2022-30119 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 2 with CVSS v3.1 Vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N. Thanks zeroinside for reporting. |