Total: 39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27546 | 1 Hcltech | 2 Domino, Hcl Inotes | 2024-11-21 | N/A | 8.3 HIGH |
| HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials. | |||||
| CVE-2022-27545 | 1 Hcltech | 1 Bigfix Platform | 2024-11-21 | N/A | 4.6 MEDIUM |
| BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page. | |||||
| CVE-2022-27505 | 1 Citrix | 24 Sd-wan 1000, Sd-wan 1000 Firmware, Sd-wan 110 and 21 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross site scripting (XSS) | |||||
| CVE-2022-27503 | 1 Citrix | 1 Storefront Server | 2024-11-21 | 2.6 LOW | 6.1 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9 | |||||
| CVE-2022-27496 | 1 Zero-channel Plus Project | 1 Zero-channel Plus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2022-27476 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter. | |||||
| CVE-2022-27475 | 1 Hotel Management System Project | 1 Hotel Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system allows attackers to execute arbitrary code when /admin.php is loaded. | |||||
| CVE-2022-27462 | 1 Wwbn | 1 Avideo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptDevice parameter to view/include/head.php. | |||||
| CVE-2022-27441 | 1 Tpcms Project | 1 Tpcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box. | |||||
| CVE-2022-27436 | 1 Ecommerce-website Project | 1 Ecommerce-website | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_user at Ecommerce-Website v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username text field. | |||||
| CVE-2022-27428 | 1 Gallerycms Project | 1 Gallerycms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the album_name parameter. | |||||
| CVE-2022-27425 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php. | |||||
| CVE-2022-27422 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL. | |||||
| CVE-2022-27348 | 1 Socialcodia | 1 Social Codia Sms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Social Codia SMS v1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field. | |||||
| CVE-2022-27330 | 1 E-commerce Website Project | 1 E-commerce Website | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field. | |||||
| CVE-2022-27308 | 1 Phprojekt Phpsimplygest Project | 1 Phprojekt Phpsimplygest | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title. | |||||
| CVE-2022-27280 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the web_exec parameter at /apply.cgi. | |||||
| CVE-2022-27258 | 1 Hubzilla | 1 Hubzilla | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 and earlier allow a remote attacker to include arbitrary web script or HTML via the rpath parameter. | |||||
| CVE-2022-27246 | 1 Misp | 1 Misp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default. | |||||
| CVE-2022-27244 | 1 Misp | 1 Misp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user. | |||||
