Total: 39597 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24582 | 1 Accounting Journal Management Project | 1 Accounting Journal Management | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking. The parameter manage_user from User lists is vulnerable to XSS-Stored and PHPSESSID attacks. The malicious user can attack the system by using the session which he already has, from inside and outside of the network. | |||||
| CVE-2022-24573 | 1 Element-it | 1 Http Commander | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field. | |||||
| CVE-2022-24572 | 1 Car Driving School Management System Project | 1 Car Driving School Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Car Driving School Management System v1.0 is affected by Cross Site Scripting (XSS) in the User Enrollment Form (Username Field). The vulnerability is triggered when an admin views the registered user details. | |||||
| CVE-2022-24566 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In Checkmk <=2.0.0p19 (fixed in 2.0.0p20) and Checkmk <=1.6.0p27 (fixed in 1.6.0p28), the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS). | |||||
| CVE-2022-24565 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Checkmk <=2.0.0p19 (fixed in 2.0.0p20) and Checkmk <=1.6.0p27 (fixed in 1.6.0p28) are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications. | |||||
| CVE-2022-24564 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered when editing a user. | |||||
| CVE-2022-24563 | 1 Metalgenix | 1 Genixcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options via the intro_title and intro_image parameters. | |||||
| CVE-2022-24435 | 1 Phpuploader Project | 1 Phpuploader | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in phpUploader v1.2 and earlier allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2022-24432 | 1 Ipcomm | 2 Ipdio, Ipdio Firmware | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
| Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. The XSS payload will be executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services). | |||||
| CVE-2022-24399 | 1 Sap | 1 Focused Run | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The SAP Focused Run (Real User Monitoring) REST service, versions 200 and 300, does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in a Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2022-24397 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP NetWeaver Enterprise Portal, versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of the portal website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of the victim’s web browser. | |||||
| CVE-2022-24395 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP NetWeaver Enterprise Portal, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2022-24386 | 1 Smartertools | 1 Smartertrack | 2024-11-21 | 3.5 LOW | 8.8 HIGH |
| Stored XSS in SmarterTools SmarterTrack. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | |||||
| CVE-2022-24384 | 1 Smartertools | 1 Smartertrack | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
| Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | |||||
| CVE-2022-24374 | 1 Appleple | 1 A-blog Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-23916. | |||||
| CVE-2022-24347 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. | |||||
| CVE-2022-24344 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. | |||||
| CVE-2022-24339 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. | |||||
| CVE-2022-24338 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS. | |||||
| CVE-2022-24238 | 1 Aceware | 1 Aceweb Online Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp. | |||||
