Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-3845 | 1 Phpipam | 1 Phpipam | 2022-11-03 | N/A | 6.1 MEDIUM | A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.0 is able to address this issue. The name of the patch is 22c797c3583001211fe7d31bccd3f1d4aeeb3bbc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-212863.
CVE-2016-7103 | 5 Fedoraproject, Jquery, Netapp and 2 more | 9 Fedora, Jquery Ui, Snapcenter and 6 more | 2022-11-03 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
CVE-2022-38339 | 1 Safe | 1 Fme Server | 2022-11-03 | N/A | 6.1 MEDIUM | Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page.
CVE-2022-39375 | 1 Glpi-project | 1 Glpi | 2022-11-03 | N/A | 5.4 MEDIUM | GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. Users may be able to create a public RSS feed to inject malicious code into the dashboards of other users. This issue has been patched; please upgrade to version 10.0.4. There are currently no known workarounds.
CVE-2022-39373 | 1 Glpi-project | 1 Glpi | 2022-11-03 | N/A | 4.8 MEDIUM | GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. An administrator may store malicious code in an entity name. This issue has been patched; please upgrade to version 10.0.4.
CVE-2022-39372 | 1 Glpi-project | 1 Glpi | 2022-11-03 | N/A | 5.4 MEDIUM | GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. Authenticated users may store malicious code in their account information. This issue has been patched; please upgrade to version 10.0.4. There are currently no known workarounds.
CVE-2022-39371 | 1 Glpi-project | 1 Glpi | 2022-11-03 | N/A | 5.4 MEDIUM | GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. Script-related HTML tags in assets inventory information are not properly neutralized. This issue has been patched; please upgrade to version 10.0.4. There are currently no known workarounds.
CVE-2022-39277 | 1 Glpi-project | 1 Glpi | 2022-11-03 | N/A | 4.8 MEDIUM | GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. External links are not properly sanitized and can therefore be used for a Cross-Site Scripting (XSS) attack. This issue has been patched; please upgrade to GLPI 10.0.4. There are currently no known workarounds.
CVE-2022-39950 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2022-11-03 | N/A | 5.4 MEDIUM | An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low-privilege attacker to perform an XSS attack via posting a crafted CKeditor "protected" comment as described in CVE-2020-9281.
CVE-2022-39262 | 1 Glpi-project | 1 Glpi | 2022-11-03 | N/A | 4.8 MEDIUM | GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package. A GLPI administrator can define rich-text content to be displayed on the login page. The displayed content can contain malicious code that can be used to steal credentials. This issue has been patched; please upgrade to version 10.0.4.
CVE-2022-2904 | 1 Gitlab | 1 Gitlab | 2022-11-03 | N/A | 5.4 MEDIUM | A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, and all versions starting from 15.4 before 15.4.1. It was possible to exploit a vulnerability in the external status checks feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at the client side.
CVE-2020-36608 | 1 Tribalsystems | 1 Zenario | 2022-11-03 | N/A | 6.1 MEDIUM | A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is dfd0afacb26c3682a847bea7b49ea440b63f3baa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212816.
CVE-2022-40289 | 1 Phppointofsale | 1 Php Point Of Sale | 2022-11-03 | N/A | 9.0 CRITICAL | The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts that an attacker can coerce into observing the targeted files.
CVE-2022-3783 | 1 Nodered | 1 Node-red-dashboard | 2022-11-03 | N/A | 6.1 MEDIUM | A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9305d1a82f19b235dfad24a7d1dd4ed244db7743. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212555.
CVE-2022-3402 | 1 Facetwp | 1 Log Http Requests | 2022-11-03 | N/A | 6.1 MEDIUM | The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cross-Site Scripting via logged HTTP requests in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers who can trick a site's administrator into performing an action like clicking on a link, or an authenticated user with access to a page that sends a request using user-supplied data via the server, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2022-25849 | 1 Hyperdown Project | 1 Hyperdown | 2022-11-03 | N/A | 6.1 MEDIUM | The package joyqi/hyper-down from 0.0.0 is vulnerable to Cross-site Scripting (XSS) because the markdown parsing module does not properly filter the href attribute.
CVE-2022-43670 | 1 Apache | 1 Sling Cms | 2022-11-03 | N/A | 5.4 MEDIUM | An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature.
CVE-2022-40840 | 1 Ndk-design | 1 Ndkadvancedcustomizationfields | 2022-11-03 | N/A | 6.1 MEDIUM | ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross Site Scripting (XSS) via createPdf.php.
CVE-2022-38374 | 1 Fortinet | 1 Fortiadc | 2022-11-03 | N/A | 6.1 MEDIUM | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event log views.
CVE-2022-43982 | 1 Apache | 1 Airflow | 2022-11-03 | N/A | 6.1 MEDIUM | In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument.