Export limit exceeded: 46626 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46626 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-35590 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter | ||||
| CVE-2022-35589 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter. | ||||
| CVE-2022-35587 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter | ||||
| CVE-2022-35585 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 4.8 Medium |
| A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter | ||||
| CVE-2022-35582 | 1 Pentasecurity | 1 Wapples | 2024-11-21 | 8.8 High |
| Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the documentation. Knowing the credentials, attackers can use this feature to gain uncontrolled access to the device and therefore are considered an undocumented possibility for remote control. | ||||
| CVE-2022-35569 | 1 Blogifier | 1 Blogifier | 2024-11-21 | 4.8 Medium |
| Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted file. | ||||
| CVE-2022-35554 | 1 Bpcbt | 1 Smartvista | 2024-11-21 | 6.1 Medium |
| Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side. | ||||
| CVE-2022-35540 | 1 Dotnetcore | 1 Agileconfig | 2024-11-21 | 9.8 Critical |
| Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access. | ||||
| CVE-2022-35509 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 5.4 Medium |
| An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information. | ||||
| CVE-2022-35493 | 1 Wrteam | 1 Eshop - Ecommerce \/ Store Website | 2024-11-21 | 6.1 Medium |
| A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the get_products?search parameter. | ||||
| CVE-2022-35491 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample. | ||||
| CVE-2022-35416 | 1 H3c | 1 Ssl Vpn | 2024-11-21 | 6.1 Medium |
| H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS. | ||||
| CVE-2022-35413 | 1 Pentasecurity | 1 Wapples | 2024-11-21 | 9.8 Critical |
| WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001. | ||||
| CVE-2022-35298 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 6.1 Medium |
| SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser session. | ||||
| CVE-2022-35297 | 1 Sap | 1 Enable Now | 2024-11-21 | 5.4 Medium |
| The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability. | ||||
| CVE-2022-35294 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 5.4 Medium |
| An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure including stealing authentication information and impersonating the affected user. | ||||
| CVE-2022-35287 | 1 Ibm | 1 Security Verify Information Queue | 2024-11-21 | 7.5 High |
| IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 230817. | ||||
| CVE-2022-35278 | 3 Apache, Netapp, Redhat | 4 Activemq Artemis, Active Iq Unified Manager, Oncommand Workflow Automation and 1 more | 2024-11-21 | 6.1 Medium |
| In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue. | ||||
| CVE-2022-35227 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 6.1 Medium |
| A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site (XSS) scripting attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to stealing or modifying of authentication information of the user, such as data relating to his or her current session. | ||||
| CVE-2022-35225 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 6.1 Medium |
| SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data. | ||||