Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2428 | 1 Gitlab | 1 Gitlab | 2022-10-19 | N/A | 7.3 HIGH |
| A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests | |||||
| CVE-2017-2601 | 1 Jenkins | 1 Jenkins | 2022-10-19 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions. | |||||
| CVE-2022-2527 | 1 Gitlab | 1 Gitlab | 2022-10-19 | N/A | 8.0 HIGH |
| An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.which allowed an authenticated attacker to inject arbitrary content. A victim interacting with this content could lead to arbitrary requests. | |||||
| CVE-2022-2865 | 1 Gitlab | 1 Gitlab | 2022-10-19 | N/A | 4.8 MEDIUM |
| A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. | |||||
| CVE-2022-35698 | 1 Adobe | 2 Commerce, Magento Open Source | 2022-10-18 | N/A | 5.4 MEDIUM |
| Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution. | |||||
| CVE-2022-26375 | 1 Abpressoptimizer | 1 Ab Press Optimizer | 2022-10-18 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology AB Press Optimizer plugin <= 1.1.1 on WordPress. | |||||
| CVE-2022-40605 | 1 Mitre | 1 Caldera | 2022-10-18 | N/A | 6.1 MEDIUM |
| MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40606. | |||||
| CVE-2022-3548 | 1 Simple Cold Storage Management System Project | 1 Simple Cold Storage Management System | 2022-10-18 | N/A | 4.8 MEDIUM |
| A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Add New Storage Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-211048. | |||||
| CVE-2022-41472 | 1 74cmsse | 1 74cmsse | 2022-10-18 | N/A | 5.4 MEDIUM |
| 74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. | |||||
| CVE-2022-41139 | 1 Mitre | 1 Caldera | 2022-10-18 | N/A | 5.4 MEDIUM |
| MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents. | |||||
| CVE-2022-40606 | 1 Mitre | 1 Caldera | 2022-10-18 | N/A | 6.1 MEDIUM |
| MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605. | |||||
| CVE-2022-3546 | 1 Simple Cold Storage Management System Project | 1 Simple Cold Storage Management System | 2022-10-18 | N/A | 4.8 MEDIUM |
| A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /csms/admin/?page=user/list of the component Create User Handler. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-211046 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3547 | 1 Simple Cold Storage Management System Project | 1 Simple Cold Storage Management System | 2022-10-18 | N/A | 4.8 MEDIUM |
| A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /csms/admin/?page=system_info of the component Setting Handler. The manipulation of the argument System Name/System Short Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-211047. | |||||
| CVE-2022-3581 | 1 Cashier Queuing System Project | 1 Cashier Queuing System | 2022-10-18 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the component Cashiers Tab. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-211188. | |||||
| CVE-2022-3580 | 1 Cashier Queuing System Project | 1 Cashier Queuing System | 2022-10-18 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Cashier Queuing System 1.0.1. This issue affects some unknown processing of the component User Creation Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-211187. | |||||
| CVE-2020-15275 | 1 Moinmo | 1 Moinmoin | 2022-10-18 | 3.5 LOW | 5.4 MEDIUM |
| MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes. | |||||
| CVE-2021-38946 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-10-18 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240. | |||||
| CVE-2020-15253 | 1 Grocy | 1 Grocy | 2022-10-18 | 3.5 LOW | 4.8 MEDIUM |
| Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site Scripting via the Create Shopping List module, that is rendered upon deleting that Shopping List. The issue was also found in users, batteries, chores, equipment, locations, quantity units, shopping locations, tasks, taskcategories, product groups, recipes and products. Authentication is required to exploit these issues and Grocy should not be publicly exposed. The linked reference details a proof-of-concept. | |||||
| CVE-2022-2256 | 1 Redhat | 1 Single Sign-on | 2022-10-18 | N/A | 3.8 LOW |
| A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality. | |||||
| CVE-2021-3672 | 6 C-ares Project, Fedoraproject, Nodejs and 3 more | 17 C-ares, Fedora, Node.js and 14 more | 2022-10-18 | 6.8 MEDIUM | 5.6 MEDIUM |
| A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability. | |||||