Total
38343 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28508 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. | |||||
| CVE-2022-28507 | 1 Bdt-121 Project | 2 Bdt-121, Bdt-121 Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 is vulnerable to Cross Site Scripting (XSS) via Dragon path router admin page. | |||||
| CVE-2022-28479 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menu | |||||
| CVE-2022-28477 | 1 Wbce | 1 Wbce Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2022-28464 | 1 Apifox | 1 Apifox | 2024-11-21 | 6.0 MEDIUM | 9.0 CRITICAL |
| Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execution. | |||||
| CVE-2022-28454 | 1 Limbas | 1 Limbas | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2022-28450 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser. | |||||
| CVE-2022-28449 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At Apply for vendor account feature, an attacker can upload an arbitrary file to the system. | |||||
| CVE-2022-28448 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject javascript code to First name or Last name at Customer Info. | |||||
| CVE-2022-28379 | 1 Nginxproxymanager | 1 Nginx Proxy Manager | 2024-11-21 | 3.5 LOW | 6.8 MEDIUM |
| jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion. | |||||
| CVE-2022-28378 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Craft CMS before 3.7.29 allows XSS. | |||||
| CVE-2022-28368 | 1 Dompdf Project | 1 Dompdf | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file). | |||||
| CVE-2022-28367 | 1 Antisamy Project | 1 Antisamy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. | |||||
| CVE-2022-28290 | 1 Welaunch | 1 Wordpress Country Selector | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request | |||||
| CVE-2022-28222 | 1 Cleantalk | 1 Antispam | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in`/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php` | |||||
| CVE-2022-28221 | 1 Cleantalk | 1 Antispam | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in`/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Comments.php` | |||||
| CVE-2022-28216 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network. On successful exploitation, an attacker can access certain reports causing a limited impact on confidentiality of the application data. | |||||
| CVE-2022-28202 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete. | |||||
| CVE-2022-28172 | 1 Hikvision | 22 Ds-a71024, Ds-a71024 Firmware, Ds-a71048 and 19 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to XSS attack by sending messages with malicious commands to the affected device. | |||||
| CVE-2022-28159 | 1 Jenkins | 1 Tests Selector | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||