Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-1938 | 1 Awin | 1 Awin Data Feed | 2022-11-04 | 3.5 LOW | 5.4 MEDIUM | The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a header when processing a request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged-in admin viewing the plugin's settings.
CVE-2022-34173 | 1 Jenkins | 1 Jenkins | 2022-11-04 | 4.3 MEDIUM | 6.1 MEDIUM | In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2022-34171 | 1 Jenkins | 1 Jenkins | 2022-11-04 | 4.3 MEDIUM | 6.1 MEDIUM | In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping, resulting in a cross-site scripting (XSS) vulnerability.
CVE-2022-34170 | 1 Jenkins | 1 Jenkins | 2022-11-04 | 4.3 MEDIUM | 6.1 MEDIUM | In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2022-3721 | 1 Froxlor | 1 Froxlor | 2022-11-04 | N/A | 4.6 MEDIUM | Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.
CVE-2022-27894 | 1 Palantir | 1 Foundry Blobster | 2022-11-04 | N/A | 5.4 MEDIUM | The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Foundry to launch attacks against other users. This vulnerability is resolved in Blobster 3.228.0.
CVE-2022-42753 | 1 Salonerp Project | 1 Salonerp | 2022-11-04 | N/A | 6.1 MEDIUM | SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks.
CVE-2022-3518 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-11-04 | N/A | 4.8 MEDIUM | A vulnerability classified as problematic has been found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the component User Creation Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-211014 is the identifier assigned to this vulnerability.
CVE-2022-41392 | 1 Totaljs | 1 Total.js | 2022-11-04 | N/A | 5.4 MEDIUM | A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings.
CVE-2022-43372 | 1 Emlog | 1 Emlog | 2022-11-04 | N/A | 4.8 MEDIUM | Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /admin/store.php.
CVE-2022-44628 | 1 Jumpdemand | 1 4ecps Web Forms | 2022-11-04 | N/A | 4.8 MEDIUM | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin <= 0.2.17 on WordPress.
CVE-2022-42750 | 1 Auieo | 1 Candidats | 2022-11-04 | N/A | 8.8 HIGH | CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user.
CVE-2022-36428 | 1 Rockcontent | 1 Rock Convert | 2022-11-04 | N/A | 4.8 MEDIUM | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Stage Rock Convert plugin <= 2.11.0 on WordPress.
CVE-2022-30615 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2022-11-04 | N/A | 5.4 MEDIUM | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592.
CVE-2022-35642 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2022-11-04 | N/A | 5.4 MEDIUM | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592.
CVE-2022-41435 | 1 Openwrt | 1 Luci | 2022-11-04 | N/A | 5.4 MEDIUM | OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments.
CVE-2022-34258 | 2 Adobe, Magento | 2 Commerce, Magento | 2022-11-03 | N/A | 4.8 MEDIUM | Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2022-34257 | 2 Adobe, Magento | 2 Commerce, Magento | 2022-11-03 | N/A | 6.1 MEDIUM | Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2022-44586 | 1 Am-hili Project | 1 Am-hili | 2022-11-03 | N/A | 4.8 MEDIUM | Auth. (admin+) Stored Cross-Site Scripting (XSS) in Ayoub Media AM-HiLi plugin <= 1.0 on WordPress.
CVE-2022-44576 | 1 Agenteasy Properties Project | 1 Agenteasy Properties | 2022-11-03 | N/A | 4.8 MEDIUM | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in AgentEasy Properties plugin <= 1.0.4 on WordPress.