Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-38373 | 1 Fortinet | 1 Fortideceptor | 2022-11-03 | N/A | 5.4 MEDIUM |
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross-site scripting (XSS) attack by sending requests with a specially crafted lure resource ID. | |||||
CVE-2022-35851 | 1 Fortinet | 1 Fortiadc | 2022-11-03 | N/A | 5.4 MEDIUM |
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC management interface 7.1.0 may allow a remote and authenticated attacker to trigger a stored cross site scripting (XSS) attack via configuring a specially crafted IP Address. | |||||
CVE-2022-40290 | 1 Phppointofsale | 1 Php Point Of Sale | 2022-11-02 | N/A | 6.1 MEDIUM |
The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise users. | |||||
CVE-2022-40288 | 1 Phppointofsale | 1 Php Point Of Sale | 2022-11-02 | N/A | 9.0 CRITICAL |
The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile. | |||||
CVE-2022-40287 | 1 Phppointofsale | 1 Php Point Of Sale | 2022-11-02 | N/A | 9.0 CRITICAL |
The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account. | |||||
CVE-2022-43361 | 1 Slims | 1 Senayan Library Management System | 2022-11-02 | N/A | 4.8 MEDIUM |
Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php. | |||||
CVE-2022-3803 | 1 Eolink | 1 Apinto-dashboard | 2022-11-02 | N/A | 6.1 MEDIUM |
A vulnerability was found in eolinker apinto-dashboard and classified as problematic. This issue affects some unknown processing of the file /api/discoveries/. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212639. | |||||
CVE-2022-3804 | 1 Eolink | 1 Apinto-dashboard | 2022-11-02 | N/A | 6.1 MEDIUM |
A vulnerability was found in eolinker apinto-dashboard. It has been classified as problematic. Affected is an unknown function of the file /login. The manipulation of the argument callback leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212640. | |||||
CVE-2022-40190 | 1 Sauter-controls | 1 Moduweb Firmware | 2022-11-02 | N/A | 9.6 CRITICAL |
SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting (XSS). The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive information, including user credentials. | |||||
CVE-2022-43082 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2022-11-02 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in /fastfood/purchase.php of Fast Food Ordering System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the customer parameter. | |||||
CVE-2022-43084 | 1 Vehicle Booking System Project | 1 Vehicle Booking System | 2022-11-02 | N/A | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the v_name parameter. | |||||
CVE-2022-43079 | 1 Train Scheduler App Project | 1 Train Scheduler App | 2022-11-01 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter. | |||||
CVE-2022-43078 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2022-11-01 | N/A | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter. | |||||
CVE-2022-43076 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2022-11-01 | N/A | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in /admin/edit-admin.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtemail parameter. | |||||
CVE-2022-41679 | 1 Formalms | 1 Formalms | 2022-11-01 | N/A | 6.1 MEDIUM |
Forma LMS version 3.1.0 and earlier are affected by a cross-site scripting vulnerability that could allow a remote attacker to inject JavaScript code into the “back_url” parameter in the appLms/index.php?modname=faq&op=play function. Exploitation of this vulnerability could allow an attacker to steal the user's cookies in order to log in to the application. | |||||
CVE-2022-39017 | 1 M-files | 1 Hubshare | 2022-11-01 | N/A | 5.4 MEDIUM |
Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments. | |||||
CVE-2022-39020 | 1 Schoolbox | 1 Schoolbox | 2022-11-01 | N/A | 6.1 MEDIUM |
Multiple instances of XSS (stored and reflected) were found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting. | |||||
CVE-2022-3766 | 1 Phpmyfaq | 1 Phpmyfaq | 2022-11-01 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | |||||
CVE-2022-3765 | 1 Phpmyfaq | 1 Phpmyfaq | 2022-11-01 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | |||||
CVE-2022-43167 | 1 Rukovoditel | 1 Rukovoditel | 2022-11-01 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". |