Total
38390 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2032 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 3.5 LOW |
| In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system. | |||||
| CVE-2022-2029 | 1 Kromit | 1 Titra | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0. | |||||
| CVE-2022-2028 | 1 Kromit | 1 Titra | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0. | |||||
| CVE-2022-2026 | 1 Kromit | 1 Titra | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0. | |||||
| CVE-2022-2020 | 1 Prison Management System Project | 1 Prison Management System | 2024-11-21 | 3.5 LOW | 2.4 LOW |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input <img src="" onerror="alert(1)"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-2016 | 1 Facturascripts | 1 Facturascripts | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1. | |||||
| CVE-2022-2015 | 1 Diagrams | 1 Drawio | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2. | |||||
| CVE-2022-29976 | 1 Altn | 1 Mdaemon | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0 . | |||||
| CVE-2022-29975 | 1 Altn | 1 Mdaemon | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An Authenticated Reflected Cross-site scripting at CC Parameter was discovered in MDaemon before 22.0.0 . | |||||
| CVE-2022-29969 | 1 Mediawiki | 1 Rss For Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rss element (if the feed is in $wgRSSUrlWhitelist and $wgRSSAllowLinkTag is true). | |||||
| CVE-2022-29947 | 1 Woodpecker-ci | 1 Woodpecker | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping. | |||||
| CVE-2022-29940 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities. | |||||
| CVE-2022-29939 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities. | |||||
| CVE-2022-29929 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible | |||||
| CVE-2022-29927 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.3 MEDIUM | 4.6 MEDIUM |
| In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible | |||||
| CVE-2022-29923 | 1 Thingsforrestaurants | 1 Quick Restaurant Reservations | 2024-11-21 | N/A | 5.9 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant Reservations (WordPress plugin) allows Reflected XSS.This issue affects Quick Restaurant Reservations (WordPress plugin): from n/a through 1.4.1. | |||||
| CVE-2022-29907 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages. | |||||
| CVE-2022-29894 | 1 Strapi | 1 Strapi | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege. | |||||
| CVE-2022-29890 | 1 Octopus | 1 Octopus Server | 2024-11-21 | N/A | 6.1 MEDIUM |
| In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. | |||||
| CVE-2022-29887 | 1 Intel | 1 Manageability Commander | 2024-11-21 | N/A | 8.1 HIGH |
| Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||