Total
38172 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23980 | 1 Yet Another Stars Rating Project | 1 Yet Another Stars Rating | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet Another Stars Rating WordPress plugin (versions <= 2.9.9), vulnerable at parameter 'source'. | |||||
| CVE-2022-23916 | 1 Appleple | 1 A-blog Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-24374. | |||||
| CVE-2022-23912 | 1 Accesspressthemes | 1 Ap Custom Testimonial | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting | |||||
| CVE-2022-23907 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage. | |||||
| CVE-2022-23903 | 1 Pearadmin | 1 Pear Admin Think | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think <=5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent. | |||||
| CVE-2022-23896 | 1 Admidio | 1 Admidio | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Admidio 4.1.2 version is affected by stored cross-site scripting (XSS). | |||||
| CVE-2022-23872 | 1 Emlog | 1 Emlog | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info. | |||||
| CVE-2022-23871 | 1 Gibbonedu | 1 Gibbon | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitrary web scripts or HTML via a crafted payload insterted into the name, category, description parameters. | |||||
| CVE-2022-23801 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in com_media. | |||||
| CVE-2022-23800 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components. | |||||
| CVE-2022-23796 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields. | |||||
| CVE-2022-23791 | 1 Firmanet | 1 Customer Relation Manager | 2024-11-21 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS).This issue affects Customer Relation Manager: before 2022.03.13. | |||||
| CVE-2022-23790 | 1 Firmanet | 1 Technology Customer Relation Manager | 2024-11-21 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS).This issue affects Customer Relation Manager: before 2022.03.13. | |||||
| CVE-2022-23733 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 5.4 MEDIUM |
| A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2022-23713 | 1 Elastic | 1 Kibana | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser. | |||||
| CVE-2022-23710 | 1 Elastic | 1 Kibana | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser. | |||||
| CVE-2022-23707 | 1 Elastic | 1 Kibana | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users | |||||
| CVE-2022-23706 | 1 Hp | 1 Oneview | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. | |||||
| CVE-2022-23697 | 1 Hp | 1 Oneview | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. | |||||
| CVE-2022-23675 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||