Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4069 | 1 Librenms | 1 Librenms | 2022-11-21 | N/A | 4.8 MEDIUM |
| Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0. | |||||
| CVE-2022-4067 | 1 Librenms | 1 Librenms | 2022-11-21 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. | |||||
| CVE-2022-3562 | 1 Librenms | 1 Librenms | 2022-11-21 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. | |||||
| CVE-2022-3561 | 1 Librenms | 1 Librenms | 2022-11-21 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0. | |||||
| CVE-2022-3516 | 1 Librenms | 1 Librenms | 2022-11-21 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. | |||||
| CVE-2022-43463 | 1 Yikesinc | 1 Custom Product Tabs For Woocommerce | 2022-11-20 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Custom Product Tabs for WooCommerce plugin <= 1.7.9 on WordPress. | |||||
| CVE-2022-40698 | 1 Expresstech | 1 Quiz And Survey Master | 2022-11-20 | N/A | 6.1 MEDIUM |
| Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. | |||||
| CVE-2022-41558 | 1 Tibco | 4 Spotfire Analyst, Spotfire Analytics Platform, Spotfire Desktop and 1 more | 2022-11-18 | N/A | 5.4 MEDIUM |
| The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 11.4.4 and below, TIBCO Spotfire Analyst: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Analyst: version 12.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 12.1.0 and below, TIBCO Spotfire Desktop: versions 11.4.4 and below, TIBCO Spotfire Desktop: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Desktop: version 12.1.0, TIBCO Spotfire Server: versions 11.4.8 and below, TIBCO Spotfire Server: versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, and 12.0.1, and TIBCO Spotfire Server: version 12.1.0. | |||||
| CVE-2022-44002 | 1 Backclick | 1 Backclick | 2022-11-18 | N/A | 6.1 MEDIUM |
| An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross-site scripting (XSS) at various locations. | |||||
| CVE-2022-3975 | 1 Nukeviet | 1 Nukeviet | 2022-11-18 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting. The attack may be launched remotely. Upgrading to version 4.5 is able to address this issue. The name of the patch is 0b3197fad950bb3383e83039a8ee4c9509b3ce02. It is recommended to upgrade the affected component. VDB-213554 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-45380 | 1 Jenkins | 1 Junit | 2022-11-18 | N/A | 5.4 MEDIUM |
| Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-45382 | 1 Jenkins | 1 Naginator | 2022-11-18 | N/A | 5.4 MEDIUM |
| Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names. | |||||
| CVE-2022-45375 | 1 Cyberchimps | 1 Ifeature Slider | 2022-11-18 | N/A | 5.4 MEDIUM |
| Auth. Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slider plugin <= 1.2 on WordPress. | |||||
| CVE-2022-44736 | 1 Chameleon Project | 1 Chameleon | 2022-11-18 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chameleon plugin <= 1.4.3 on WordPress. | |||||
| CVE-2022-44591 | 1 Anthologize Project | 1 Anthologize | 2022-11-18 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anthologize plugin <= 0.8.0 on WordPress. | |||||
| CVE-2022-38390 | 1 Ibm | 1 Business Automation Workflow | 2022-11-18 | N/A | 5.4 MEDIUM |
| Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978. | |||||
| CVE-2022-43332 | 1 Wondercms | 1 Wondercms | 2022-11-18 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel. | |||||
| CVE-2022-43142 | 1 Password Storage Application Project | 1 Password Storage Application | 2022-11-18 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the add-fee.php component of Password Storage Application v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter. | |||||
| CVE-2022-4053 | 1 Student Attendance Management System Project | 1 Student Attendance Management System | 2022-11-18 | N/A | 4.8 MEDIUM |
| A vulnerability was found in Student Attendance Management System. It has been classified as problematic. Affected is an unknown function of the file createClass.php. The manipulation of the argument className leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213846 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-20839 | 1 Cisco | 1 Firepower Management Center | 2022-11-18 | N/A | 4.8 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | |||||