Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37238 | 1 Altn | 1 Security Gateway For Email Servers | 2022-08-26 | N/A | 5.4 MEDIUM |
| MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter. | |||||
| CVE-2022-37150 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-08-26 | N/A | 5.4 MEDIUM |
| An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulnerability via firstname, address, middlename, lastname , gender, email, contact parameters. | |||||
| CVE-2022-38172 | 1 Servicenow | 1 Servicenow | 2022-08-26 | N/A | 6.1 MEDIUM |
| ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard. | |||||
| CVE-2022-38463 | 1 Servicenow | 1 Servicenow | 2022-08-26 | N/A | 6.1 MEDIUM |
| ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality. | |||||
| CVE-2022-2956 | 1 Noxen Project | 1 Noxen | 2022-08-26 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in ConsoleTVs Noxen. Affected is an unknown function of the file /Noxen-master/users.php. The manipulation of the argument create_user_username with the input "><script>alert(/xss/)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-207000. | |||||
| CVE-2022-28712 | 1 Wwbn | 1 Avideo | 2022-08-26 | N/A | 9.0 CRITICAL |
| A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. | |||||
| CVE-2022-37239 | 1 Altn | 1 Security Gateway For Email Servers | 2022-08-25 | N/A | 5.4 MEDIUM |
| MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint. | |||||
| CVE-2022-37241 | 1 Altn | 1 Security Gateway For Email Servers | 2022-08-25 | N/A | 5.4 MEDIUM |
| MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint. | |||||
| CVE-2022-37243 | 1 Altn | 1 Security Gateway For Email Servers | 2022-08-25 | N/A | 5.4 MEDIUM |
| MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint. | |||||
| CVE-2022-37245 | 1 Altn | 1 Security Gateway For Email Servers | 2022-08-25 | N/A | 5.4 MEDIUM |
| MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint. | |||||
| CVE-2022-36282 | 1 Search Exclude Project | 1 Search Exclude | 2022-08-25 | N/A | 5.4 MEDIUM |
| Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy's Search Exclude plugin <= 1.2.6 at WordPress. | |||||
| CVE-2022-36347 | 1 Thealpinepress | 1 Alpine Phototile For Pinterest | 2022-08-25 | N/A | 5.4 MEDIUM |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alpine Press Alpine PhotoTile for Pinterest plugin <= 1.3.1 at WordPress. | |||||
| CVE-2022-36405 | 1 Amcharts | 1 Amcharts\ | 2022-08-25 | N/A | 5.4 MEDIUM |
| Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in amCharts: Charts and Maps plugin <= 1.4 at WordPress. | |||||
| CVE-2022-37153 | 1 Articatech | 1 Artica Proxy | 2022-08-25 | N/A | 6.1 MEDIUM |
| An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php. | |||||
| CVE-2019-25075 | 1 Gravitee | 1 Api Management | 2022-08-25 | N/A | 6.1 MEDIUM |
| HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request. | |||||
| CVE-2022-38664 | 1 Jenkins | 1 Job Configuration History | 2022-08-25 | N/A | 5.4 MEDIUM |
| Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names. | |||||
| CVE-2022-36341 | 1 As - Create Pinterest Pinboard Pages Project | 1 As - Create Pinterest Pinboard Pages | 2022-08-25 | N/A | 5.4 MEDIUM |
| Authenticated (subscriber+) plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability in Akash soni's AS – Create Pinterest Pinboard Pages plugin <= 1.0 at WordPress. | |||||
| CVE-2022-34658 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2022-08-25 | N/A | 5.4 MEDIUM |
| Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | |||||
| CVE-2022-34648 | 1 Uploading Svg\, Webp And Ico Files Project | 1 Uploading Svg\, Webp And Ico Files | 2022-08-24 | N/A | 5.4 MEDIUM |
| Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. | |||||
| CVE-2022-29476 | 1 8degreethemes | 1 Notification Bar | 2022-08-24 | N/A | 6.1 MEDIUM |
| Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 Degree Themes otification Bar for WordPress plugin <= 1.1.8 at WordPress. | |||||