Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-4396 | 1 Pyrdfa3 Project | 1 Pyrdfa3 | 2022-12-13 | N/A | 5.4 MEDIUM | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in RDFlib pyrdfa3 and classified as problematic. This issue affects the function _get_option of the file pyRdfa/__init__.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e. It is recommended to apply a patch to fix this issue. The identifier VDB-215249 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2022-4414 | 1 Nuxt | 1 Framework | 2022-12-13 | N/A | 6.1 MEDIUM | Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework prior to v3.0.0-rc.13.
CVE-2022-4400 | 1 Fs-blog Project | 1 Fs-blog | 2022-12-13 | N/A | 6.1 MEDIUM | A vulnerability was found in zbl1996 FS-Blog and classified as problematic. This issue affects some unknown processing of the component Title Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-215267.
CVE-2022-35278 | 2 Apache, Netapp | 3 Activemq Artemis, Active Iq Unified Manager, Oncommand Workflow Automation | 2022-12-12 | N/A | 6.1 MEDIUM | In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.
CVE-2022-34297 | 1 Yiiframework | 1 Gii | 2022-12-12 | N/A | 5.4 MEDIUM | Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field.
CVE-2022-4413 | 1 Nuxt | 1 Framework | 2022-12-12 | N/A | 6.1 MEDIUM | Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/framework prior to v3.0.0-rc.13.
CVE-2022-45756 | 1 Sens Project | 1 Sens | 2022-12-12 | N/A | 6.1 MEDIUM | SENS v1.0 is vulnerable to Cross Site Scripting (XSS).
CVE-2022-39035 | 1 Lcnet | 1 Smart Evision | 2022-12-12 | N/A | 6.1 MEDIUM | Smart eVision has insufficient filtering for special characters in the POST Data parameter in the specific function. An unauthenticated remote attacker can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack.
CVE-2022-45758 | 1 Sens Project | 1 Sens | 2022-12-12 | N/A | 5.4 MEDIUM | SENS v1.0 is vulnerable to Cross Site Scripting (XSS) via com.liuyanzhao.sens.web.controller.admin, getRegister.
CVE-2022-44637 | 1 Redmine | 1 Redmine | 2022-12-12 | N/A | 6.1 MEDIUM | Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user.
CVE-2022-44031 | 1 Redmine | 1 Redmine | 2022-12-12 | N/A | 6.1 MEDIUM | Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields.
CVE-2022-46684 | 1 Jenkins | 1 Checkmarx | 2022-12-12 | N/A | 5.4 MEDIUM | Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS) vulnerability.
CVE-2022-46687 | 1 Jenkins | 1 Spring Config | 2022-12-12 | N/A | 5.4 MEDIUM | Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to change build display names.
CVE-2022-46686 | 1 Jenkins | 1 Custom Build Properties | 2022-12-12 | N/A | 5.4 MEDIUM | Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set or change these values.
CVE-2022-41947 | 1 Dhis2 | 1 Dhis 2 | 2022-12-12 | N/A | 5.4 MEDIUM | DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated user to open the malicious file in a browser which would trigger the javascript code, resulting in a cross-site scripting (XSS) attack. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. Users unable to upgrade may add the following simple CSP rule in their web proxy to the vulnerable endpoints: `script-src 'none'`. This workaround will prevent all javascript from running on those endpoints.
CVE-2022-4407 | 1 Phpmyfaq | 1 Phpmyfaq | 2022-12-12 | N/A | 6.1 MEDIUM | Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
CVE-2022-4377 | 1 S-cms | 1 S-cms | 2022-12-12 | N/A | 5.4 MEDIUM | A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215197 was assigned to this vulnerability.
CVE-2022-44213 | 1 Zkteco | 1 Automatic Data Master Server | 2022-12-12 | N/A | 4.8 MEDIUM | ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS).
CVE-2022-4354 | 1 Pb-cms Project | 1 Pb-cms | 2022-12-12 | N/A | 9.6 CRITICAL | A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-215114 is the identifier assigned to this vulnerability.
CVE-2022-23494 | 1 Tiny | 1 Tinymce | 2022-12-12 | N/A | 6.1 MEDIUM | tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the `image` plugin, which presents these dialogs when certain errors occur. The vulnerability allowed arbitrary JavaScript execution when an alert was presented in the TinyMCE UI for the current user. This vulnerability has been patched in TinyMCE 5.10.7 and TinyMCE 6.3.1 by ensuring HTML sanitization was still performed after unwrapping invalid elements. Users are advised to upgrade to either 5.10.7 or 6.3.1. Users unable to upgrade may ensure that the `images_upload_handler` returns a valid value as per the images_upload_handler documentation.