Total: 38256 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-25582 | 1 Classcms Project | 1 Classcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field. | |||||
CVE-2022-25575 | 1 Hongmen | 1 Parking Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes. | |||||
CVE-2022-25574 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file. | |||||
CVE-2022-25507 | 1 Freetakserver-ui Project | 1 Freetakserver-ui | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter. | |||||
CVE-2022-25493 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php. | |||||
CVE-2022-25489 | 1 Thedigitalcraft | 1 Atomcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php. | |||||
CVE-2022-25464 | 1 Html-js | 1 Doracms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
CVE-2022-25413 | 1 Max-3000 | 1 Maxsite Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Maxsite CMS v108 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_tags at /admin/page_edit/3. | |||||
CVE-2022-25410 | 1 Max-3000 | 1 Maxsite Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Maxsite CMS v180 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_file_description at /admin/files. | |||||
CVE-2022-25409 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php. | |||||
CVE-2022-25408 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php. | |||||
CVE-2022-25407 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php. | |||||
CVE-2022-25395 | 1 Cosmetics And Beauty Product Online Store Project | 1 Cosmetics And Beauty Product Online Store | 2024-11-21 | 4.3 MEDIUM | 9.6 CRITICAL |
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-site scripting (XSS) attacks via the search parameter under the /cbpos/ app. | |||||
CVE-2022-25373 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history. | |||||
CVE-2022-25370 | 1 Apache | 1 Ofbiz | 2024-11-21 | N/A | 5.4 MEDIUM |
Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS. | |||||
CVE-2022-25349 | 1 Materializecss | 1 Materialize | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided to the autocomplete component. | |||||
CVE-2022-25344 | 1 Olivetti | 2 D-color Mf3555, D-color Mf3555 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application doesn't properly check parameters sent in a /dvcset/sysset/set.cgi POST request via the arg01.Hostname field before saving them on the server. In addition, the malicious JavaScript content is then reflected back to the end user and executed by the web browser. | |||||
CVE-2022-25323 | 1 Zerof | 1 Web Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
ZEROF Web Server 2.0 allows /admin.back XSS. | |||||
CVE-2022-25321 | 1 Cerebrate-project | 1 Cerebrate | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component. | |||||
CVE-2022-25317 | 1 Cerebrate-project | 1 Cerebrate | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description. |