Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27063 | 1 Aerocms Project | 1 Aerocms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field. | |||||
| CVE-2022-27062 | 1 Aerocms Project | 1 Aerocms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field. | |||||
| CVE-2022-26980 | 1 Teampass | 1 Teampass | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO. | |||||
| CVE-2022-26978 | 1 Barco | 1 Control Room Management Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameters is not correctly sanitized, leading to reflected XSS. | |||||
| CVE-2022-26977 | 1 Barco | 1 Control Room Management Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism is leads to stored XSS. | |||||
| CVE-2022-26976 | 1 Barco | 1 Control Room Management Suite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism is leads to reflected XSS. | |||||
| CVE-2022-26974 | 1 Barco | 1 Control Room Management Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS. | |||||
| CVE-2022-26972 | 1 Barco | 1 Control Room Management Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS. | |||||
| CVE-2022-26951 | 1 Rsa | 1 Archer | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2022-26947 | 1 Rsa | 1 Archer | 2024-11-21 | 3.5 LOW | 6.3 MEDIUM |
| Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2022-26888 | 1 Intel | 1 Quartus Prime | 2024-11-21 | N/A | 2.8 LOW |
| Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-26874 | 2 Debian, Horde | 2 Debian Linux, Horde Mime Viewer | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering. | |||||
| CVE-2022-26866 | 1 Dell | 1 Powerstoreos | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
| Dell PowerStore Versions before v2.1.1.0. contains a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||
| CVE-2022-26842 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 9.6 CRITICAL |
| A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. | |||||
| CVE-2022-26673 | 1 Asus | 2 Rt-ax88u, Rt-ax88u Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform Stored Cross-Site Scripting (XSS) attacks. | |||||
| CVE-2022-26644 | 1 Banking System Project | 1 Banking System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management. | |||||
| CVE-2022-26624 | 1 Ecommerce Codeigniter Bootstrap Project | 1 Ecommerce Codeigniter Bootstrap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php. | |||||
| CVE-2022-26616 | 1 Public Knowledge Project | 1 Open Journal Systems | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to perform reflected cross-site scripting (XSS) attacks via crafted HTTP headers. | |||||
| CVE-2022-26615 | 1 College Website Content Management System Project | 1 College Website Content Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Profile Name text fields. | |||||
| CVE-2022-26597 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Layout module's Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the site name. | |||||