Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40184 | 1 Bosch | 2 Videojet Multi 4000, Videojet Multi 4000 Firmware | 2022-10-31 | N/A | 4.8 MEDIUM |
| Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript code which will be executed for all administrators accessing the same configuration option. | |||||
| CVE-2011-2694 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2022-10-31 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page). | |||||
| CVE-2022-40183 | 1 Bosch | 2 Videojet Multi 4000, Videojet Multi 4000 Firmware | 2022-10-31 | N/A | 4.7 MEDIUM |
| An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code in the context of the user. | |||||
| CVE-2022-38200 | 1 Esri | 1 Arcgis Server | 2022-10-31 | N/A | 6.1 MEDIUM |
| A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser. | |||||
| CVE-2022-38162 | 1 Withsecure | 1 F-secure Policy Manager | 2022-10-31 | N/A | 6.1 MEDIUM |
| Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10) exists within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote attackers to provide a malicious input. | |||||
| CVE-2022-39350 | 1 Owasp | 1 Dependency-track Frontend | 2022-10-28 | N/A | N/A |
| @dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Due to the common practice of providing vulnerability details in markdown format, the Dependency-Track frontend renders them using the JavaScript library Showdown. Showdown does not have any XSS countermeasures built in, and versions before 4.6.1 of the Dependency-Track frontend did not encode or sanitize Showdown's output. This made it possible for arbitrary JavaScript included in vulnerability details via HTML attributes to be executed in context of the frontend. Actors with the `VULNERABILITY_MANAGEMENT` permission can exploit this weakness by creating or editing a custom vulnerability and providing XSS payloads in any of the following fields: Description, Details, Recommendation, or References. The payload will be executed for users with the `VIEW_PORTFOLIO` permission when browsing to the modified vulnerability's page. Alternatively, malicious JavaScript could be introduced via any of the vulnerability databases mirrored by Dependency-Track. However, this attack vector is highly unlikely, and the maintainers of Dependency-Track are not aware of any occurrence of this happening. Note that the `Vulnerability Details` element of the `Audit Vulnerabilities` tab in the project view is not affected. The issue has been fixed in frontend version 4.6.1. | |||||
| CVE-2022-42992 | 1 Train Scheduler App Project | 1 Train Scheduler App | 2022-10-28 | N/A | 5.4 MEDIUM |
| Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields. | |||||
| CVE-2022-32407 | 1 Softr | 1 Softr | 2022-10-28 | N/A | 6.1 MEDIUM |
| Softr v2.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via the First Name parameter under the Create A New Account module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2022-43165 | 1 Rukovoditel | 1 Rukovoditel | 2022-10-28 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create". | |||||
| CVE-2022-43164 | 1 Rukovoditel | 1 Rukovoditel | 2022-10-28 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add". | |||||
| CVE-2022-43166 | 1 Rukovoditel | 1 Rukovoditel | 2022-10-28 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity". | |||||
| CVE-2021-38728 | 1 Sem-cms | 1 Semcms | 2022-10-28 | N/A | 6.1 MEDIUM |
| SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_M_Coup.php. | |||||
| CVE-2021-36863 | 1 Expresstech | 1 Quiz And Survey Master | 2022-10-28 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. | |||||
| CVE-2021-36858 | 1 Themepoints | 1 Testimonials | 2022-10-28 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themepoints Testimonials plugin <= 2.6 on WordPress. | |||||
| CVE-2022-40965 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 5.4 MEDIUM |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. | |||||
| CVE-2022-41555 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 5.4 MEDIUM |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API. | |||||
| CVE-2022-41651 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 5.4 MEDIUM |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. | |||||
| CVE-2022-41701 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 5.4 MEDIUM |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. | |||||
| CVE-2021-35388 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-10-28 | N/A | 5.4 MEDIUM |
| Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php. | |||||
| CVE-2022-41702 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 5.4 MEDIUM |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. | |||||