Total: 38343 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-28153 | 1 Jenkins | 1 Sitemonitor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-28149 | 1 Jenkins | 1 Job And Node Ownership | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-28145 | 1 Jenkins | 1 Continuous Integration With Toad Edge | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission or otherwise able to control report contents. | |||||
CVE-2022-28133 | 1 Jenkins | 1 Bitbucket Server Integration | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumers. | |||||
CVE-2022-28102 | 1 Php Mysql Admin Panel Generator Project | 1 Php Mysql Admin Panel Generator | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php. | |||||
CVE-2022-28101 | 1 Lyonbros | 1 Turtl | 2024-11-21 | 6.0 MEDIUM | 9.0 CRITICAL |
Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing attackers to execute HTML injection. | |||||
CVE-2022-28094 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the fid parameter at booking.php. | |||||
CVE-2022-28081 | 1 Ar-php | 1 Arphp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability in the component Query.php of arPHP v3.6.0 allows attackers to execute arbitrary web scripts. | |||||
CVE-2022-28078 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] parameter. | |||||
CVE-2022-28077 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter. | |||||
CVE-2022-28074 | 1 Fit2cloud | 1 Halo | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html#/system/tools. | |||||
CVE-2022-28051 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" versions 6.0.18 and 5.1.25 is prone to stored XSS, which allows an attacker to inject malicious JavaScript code. | |||||
CVE-2022-27961 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box. | |||||
CVE-2022-27920 | 2 Fedoraproject, Kiwix | 2 Fedora, Libkiwix | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0. | |||||
CVE-2022-27914 | 1 Joomla | 1 Joomla! | 2024-11-21 | N/A | 6.1 MEDIUM |
An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media. | |||||
CVE-2022-27913 | 1 Joomla | 1 Joomla! | 2024-11-21 | N/A | 6.1 MEDIUM |
An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components. | |||||
CVE-2022-27910 | 1 Joomlatools | 1 Docman | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Joomla component 'Joomlatools - DOCman 3.5.13 (and likely most versions below)' is affected by a reflected Cross-Site Scripting (XSS) vulnerability in an image upload function. | |||||
CVE-2022-27894 | 1 Palantir | 1 Foundry Blobster | 2024-11-21 | N/A | 4.8 MEDIUM |
The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Foundry to launch attacks against other users. This vulnerability is resolved in Blobster 3.228.0. | |||||
CVE-2022-27887 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter. | |||||
CVE-2022-27886 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter. |