Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25229 | 1 Popcorn Time Project | 1 Popcorn Time | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands. | |||||
| CVE-2022-25224 | 1 Proton Project | 1 Proton | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands. | |||||
| CVE-2022-25221 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Money Transfer Management System Version 1.0 allows an attacker to inject JavaScript code in the URL and then trick a user into visit the link in order to execute JavaScript code. | |||||
| CVE-2022-25220 | 1 Petereport Project | 1 Petereport | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding. | |||||
| CVE-2022-25203 | 1 Jenkins | 1 Team Views | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Read permission. | |||||
| CVE-2022-25202 | 1 Jenkins | 1 Promoted Builds \(simple\) | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name of custom promotion levels, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | |||||
| CVE-2022-25191 | 1 Jenkins | 1 Agent Server Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent server parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-25189 | 1 Jenkins | 1 Custom Checkbox Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not escape parameter names of custom checkbox parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-25185 | 1 Jenkins | 1 Generic Webhook Trigger | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-25138 | 1 Axelor | 1 Open Suite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter. | |||||
| CVE-2022-25114 | 1 Event Management Project | 1 Event Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Event Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the full_name parameter under register.php. | |||||
| CVE-2022-25069 | 1 Marktext | 1 Marktext | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteCtrl.js. | |||||
| CVE-2022-25038 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| wanEditor v4.7.11 was discovered to contain a cross-site scripting (XSS) vulnerability via the video upload function. | |||||
| CVE-2022-25037 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function. | |||||
| CVE-2022-25028 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Home Owners Collection Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the collected_by parameter under the List of Collections module. | |||||
| CVE-2022-25022 | 1 Htmly | 1 Htmly | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to excute arbitrary web scripts HTML via a crafted payload in the content field of a blog post. | |||||
| CVE-2022-25020 | 1 Pluxml | 1 Pluxml | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post. | |||||
| CVE-2022-25015 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal cookies via a crafted payload inserted into the First Name field. | |||||
| CVE-2022-25014 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "m" parameter in the Dashboard of the current user. This vulnerability allows attackers to compromise session credentials via user interaction with a crafted link. | |||||
| CVE-2022-25013 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the "key" and "fm" parameters in the component login.php. | |||||