Total: 39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28172 | 1 Hikvision | 22 Ds-a71024, Ds-a71024 Firmware, Ds-a71048 and 19 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability: due to insufficient input validation, an attacker can exploit the vulnerability to perform an XSS attack by sending messages with malicious commands to the affected device. | |||||
| CVE-2022-28159 | 1 Jenkins | 1 Tests Selector | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-28153 | 1 Jenkins | 1 Sitemonitor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-28149 | 1 Jenkins | 1 Job And Node Ownership | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-28145 | 1 Jenkins | 1 Continuous Integration With Toad Edge | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission or otherwise able to control report contents. | |||||
| CVE-2022-28133 | 1 Jenkins | 1 Bitbucket Server Integration | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumers. | |||||
| CVE-2022-28102 | 1 Php Mysql Admin Panel Generator Project | 1 Php Mysql Admin Panel Generator | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php. | |||||
| CVE-2022-28101 | 1 Lyonbros | 1 Turtl | 2024-11-21 | 6.0 MEDIUM | 9.0 CRITICAL |
| Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing attackers to execute HTML injection. | |||||
| CVE-2022-28094 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the fid parameter at booking.php. | |||||
| CVE-2022-28081 | 1 Ar-php | 1 Arphp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in the component Query.php of arPHP v3.6.0 allows attackers to execute arbitrary web scripts. | |||||
| CVE-2022-28078 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] parameter. | |||||
| CVE-2022-28077 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter. | |||||
| CVE-2022-28074 | 1 Fit2cloud | 1 Halo | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html#/system/tools. | |||||
| CVE-2022-28051 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" versions 6.0.18 and 5.1.25 is prone to stored XSS, which allows an attacker to inject malicious JavaScript code. | |||||
| CVE-2022-27961 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box. | |||||
| CVE-2022-27920 | 2 Fedoraproject, Kiwix | 2 Fedora, Libkiwix | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0. | |||||
| CVE-2022-27914 | 1 Joomla | 1 Joomla! | 2024-11-21 | N/A | 6.1 MEDIUM |
| An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media. | |||||
| CVE-2022-27913 | 1 Joomla | 1 Joomla! | 2024-11-21 | N/A | 6.1 MEDIUM |
| An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components. | |||||
| CVE-2022-27910 | 1 Joomlatools | 1 Docman | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Joomla component 'Joomlatools - DOCman 3.5.13 (and likely most versions below)' is affected by a reflected Cross-Site Scripting (XSS) vulnerability in an image upload function. | |||||
| CVE-2022-27894 | 1 Palantir | 1 Foundry Blobster | 2024-11-21 | N/A | 4.8 MEDIUM |
| The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Foundry to launch attacks against other users. This vulnerability is resolved in Blobster 3.228.0. | |||||
