Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29811 | 1 Jetbrains | 1 Hub | 2024-11-21 | 3.5 LOW | 6.1 MEDIUM |
| In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. | |||||
| CVE-2022-29770 | 1 Xuxueli | 1 Xxl-job | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. | |||||
| CVE-2022-29734 | 1 Ict | 2 Protege Gx, Protege Wx | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. | |||||
| CVE-2022-29732 | 1 Deltacontrols | 2 Entelitouch, Entelitouch Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2022-29728 | 1 Surveysparrow | 1 Enterprise Survey Software | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-site scripting (XSS) vulnerability in the test parameter. | |||||
| CVE-2022-29727 | 1 Surveysparrow | 1 Enterprise Survey Software | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter. | |||||
| CVE-2022-29711 | 1 Librenms | 1 Librenms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php. | |||||
| CVE-2022-29710 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin. | |||||
| CVE-2022-29653 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json. | |||||
| CVE-2022-29649 | 1 Qsmart Next Project | 1 Qsmart Next | 2024-11-21 | N/A | 6.1 MEDIUM |
| Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2022-29648 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. | |||||
| CVE-2022-29628 | 1 Online Market Place Site Project | 1 Online Market Place Site | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web cripts or HTML via a crafted payload injected into the Page parameter. | |||||
| CVE-2022-29618 | 1 Sap | 1 Netweaver Development Infrastructure | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | |||||
| CVE-2022-29610 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack. | |||||
| CVE-2022-29602 | 1 Grid Elements Project | 1 Grid Elements | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The gridelements (aka Grid Elements) extension through 7.6.1, 8.x through 8.7.0, 9.x through 9.7.0, and 10.x through 10.2.0 extension for TYPO3 allows XSS. | |||||
| CVE-2022-29598 | 1 Solutions-atlantic | 1 Regulatory Reporting System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to an reflected Cross-Site Scripting (XSS) vulnerability via RRSWeb/maint/ShowDocument/ShowDocument.aspx . | |||||
| CVE-2022-29589 | 1 Crypt-server Project | 1 Crypt-server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Crypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and username. | |||||
| CVE-2022-29584 | 1 Mahara | 1 Mahara | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action. | |||||
| CVE-2022-29577 | 2 Antisamy Project, Oracle | 3 Antisamy, Enterprise Manager Base Platform, Weblogic Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367. | |||||
| CVE-2022-29548 | 1 Wso2 | 9 Api Manager, Api Manager Analytics, Api Microgateway and 6 more | 2024-11-21 | 4.3 MEDIUM | 4.6 MEDIUM |
| A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0. | |||||