Export limit exceeded: 46898 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46898 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25213 | 1 Phicomm | 10 K2, K2 Firmware, K2g and 7 more | 2024-11-21 | 6.8 Medium |
| Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell. | ||||
| CVE-2022-25203 | 1 Jenkins | 1 Team Views | 2024-11-21 | 5.4 Medium |
| Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Read permission. | ||||
| CVE-2022-25202 | 1 Jenkins | 1 Promoted Builds \(simple\) | 2024-11-21 | 4.8 Medium |
| Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name of custom promotion levels, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | ||||
| CVE-2022-25191 | 1 Jenkins | 1 Agent Server Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent server parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-25189 | 1 Jenkins | 1 Custom Checkbox Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not escape parameter names of custom checkbox parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-25185 | 1 Jenkins | 1 Generic Webhook Trigger | 2024-11-21 | 5.4 Medium |
| Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-25138 | 1 Axelor | 1 Open Suite | 2024-11-21 | 5.4 Medium |
| Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter. | ||||
| CVE-2022-25114 | 1 Event Management Project | 1 Event Management | 2024-11-21 | 6.1 Medium |
| Event Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the full_name parameter under register.php. | ||||
| CVE-2022-25069 | 1 Marktext | 1 Marktext | 2024-11-21 | 9.6 Critical |
| Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteCtrl.js. | ||||
| CVE-2022-25045 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-11-21 | 9.8 Critical |
| Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. | ||||
| CVE-2022-25028 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-11-21 | 6.1 Medium |
| Home Owners Collection Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the collected_by parameter under the List of Collections module. | ||||
| CVE-2022-25022 | 1 Htmly | 1 Htmly | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to excute arbitrary web scripts HTML via a crafted payload in the content field of a blog post. | ||||
| CVE-2022-25020 | 1 Pluxml | 1 Pluxml | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post. | ||||
| CVE-2022-25015 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal cookies via a crafted payload inserted into the First Name field. | ||||
| CVE-2022-25014 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 6.1 Medium |
| Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "m" parameter in the Dashboard of the current user. This vulnerability allows attackers to compromise session credentials via user interaction with a crafted link. | ||||
| CVE-2022-25013 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 6.1 Medium |
| Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the "key" and "fm" parameters in the component login.php. | ||||
| CVE-2022-24981 | 1 Jqueryform | 1 Jqueryform | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in forms generated by JQueryForm.com before 2022-02-05 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to admin.php. | ||||
| CVE-2022-24957 | 1 Dhc-vision | 1 Eqms | 2024-11-21 | 5.4 Medium |
| DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will be attacked. | ||||
| CVE-2022-24948 | 1 Apache | 1 Jspwiki | 2024-11-21 | 6.1 Medium |
| A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.2 or later. | ||||
| CVE-2022-24926 | 1 Samsung | 1 Smarttagplugin | 2024-11-21 | 5.7 Medium |
| Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.15-6 allows privileged attackers to trigger a XSS on a victim's devices. | ||||