Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42111 | 1 Liferay | 2 Dxp, Liferay Portal | 2022-11-17 | N/A | 5.4 MEDIUM |
| A Cross-site scripting (XSS) vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafted payload. | |||||
| CVE-2022-42119 | 1 Liferay | 2 Dxp, Liferay Portal | 2022-11-17 | N/A | 5.4 MEDIUM |
| Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8. | |||||
| CVE-2022-42118 | 1 Liferay | 2 Dxp, Liferay Portal | 2022-11-17 | N/A | 6.1 MEDIUM |
| A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the `tag` parameter. | |||||
| CVE-2022-42110 | 1 Liferay | 2 Dxp, Liferay Portal | 2022-11-17 | N/A | 6.1 MEDIUM |
| A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2022-43688 | 1 Concretecms | 1 Concrete Cms | 2022-11-16 | N/A | 4.8 MEDIUM |
| Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in icons since the Microsoft application tile color is not sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | |||||
| CVE-2022-43692 | 1 Concretecms | 1 Concrete Cms | 2022-11-16 | N/A | 6.1 MEDIUM |
| Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS - user can cause an administrator to trigger reflected XSS with a url if the targeted administrator is using an old browser that lacks XSS protection. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | |||||
| CVE-2022-43694 | 1 Concretecms | 1 Concrete Cms | 2022-11-16 | N/A | 6.1 MEDIUM |
| Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output. | |||||
| CVE-2021-40272 | 1 Op5 | 1 Monitor | 2022-11-16 | N/A | 6.1 MEDIUM |
| OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2022-43342 | 1 Eramba | 1 Eramba | 2022-11-16 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field. | |||||
| CVE-2022-34315 | 1 Ibm | 1 Cics Tx | 2022-11-16 | N/A | 5.4 MEDIUM |
| IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229451. | |||||
| CVE-2022-1928 | 1 Gitea | 1 Gitea | 2022-11-16 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9. | |||||
| CVE-2022-44390 | 1 Eyoucms | 1 Eyoucms | 2022-11-16 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field. | |||||
| CVE-2022-42001 | 1 Hallowelt | 1 Bluespice | 2022-11-16 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the book navigation. | |||||
| CVE-2022-3958 | 1 Hallowelt | 1 Bluespice | 2022-11-16 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks. | |||||
| CVE-2022-3893 | 1 Hallowelt | 1 Bluespice | 2022-11-16 | N/A | 4.8 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu extension of BlueSpice allows user with admin permissions to inject arbitrary HTML into the custom menu navigation of the application. | |||||
| CVE-2022-3895 | 1 Hallowelt | 2 Bluespice, Common User Interface | 2022-11-16 | N/A | 6.1 MEDIUM |
| Some UI elements of the Common User Interface Component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS). | |||||
| CVE-2022-42000 | 1 Hallowelt | 1 Bluespice | 2022-11-16 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage. | |||||
| CVE-2022-41611 | 1 Hallowelt | 1 Bluespice | 2022-11-16 | N/A | 4.8 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows user with admin privileges to inject arbitrary HTML into the main navigation of the application. | |||||
| CVE-2022-41789 | 1 Hallowelt | 1 Bluespice | 2022-11-16 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage. | |||||
| CVE-2022-41814 | 1 Hallowelt | 1 Bluespice | 2022-11-16 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage. | |||||