Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34195 | 1 Jenkins | 1 Repository Connector | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34194 | 1 Jenkins | 1 Readonly Parameter | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34193 | 1 Jenkins | 1 Package Version | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34192 | 1 Jenkins | 1 Ontrack | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34191 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34190 | 1 Jenkins | 1 Maven Metadata | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2017-20087 | 1 Thealpinepress | 1 Alpine-photo-tile-for-instagram | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Alpine PhotoTile for Instagram Plugin 1.2.7.7. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. | |||||
| CVE-2021-26636 | 2 Linux, Maxb | 2 Linux Kernel, Maxboard | 2022-06-29 | 6.8 MEDIUM | 9.6 CRITICAL |
| Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution, which could lead to information exposure and privilege escalation. | |||||
| CVE-2022-34176 | 1 Jenkins | 1 Junit | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. | |||||
| CVE-2017-20085 | 1 Bytesforall | 1 Atahualpa | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability has been found in Atahualpa Theme and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely. | |||||
| CVE-2022-34183 | 1 Jenkins | 1 Agent Server Parameter | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2021-29055 | 1 School File Management System Project | 1 School File Management System | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Firtstname parameter to the Update Account form in student_profile.php. | |||||
| CVE-2022-34182 | 1 Jenkins | 1 Nested View | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability. | |||||
| CVE-2021-46824 | 1 School File Management System Project | 1 School File Management System | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php. | |||||
| CVE-2022-34178 | 1 Jenkins | 1 Embeddable Build Status | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting (XSS) vulnerability. | |||||
| CVE-2021-41432 | 1 Flatpress | 1 Flatpress | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content. | |||||
| CVE-2022-23077 | 1 Habitica | 1 Habitica | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| In habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM XSS via the login page. | |||||
| CVE-2022-33113 | 1 Jflyfox | 1 Jfinal Cms | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module. | |||||
| CVE-2022-33119 | 1 Nuuo | 2 Nvrsolo, Nvrsolo Firmware | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php. | |||||
| CVE-2022-32125 | 1 74cms | 1 74cmsse | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /job. | |||||