Export limit exceeded: 46898 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46898 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24693 | 1 Baicells | 4 Neutrino 430, Neutrino 430 Firmware, Nova436q and 1 more | 2024-11-21 | 9.8 Critical |
| Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.) | ||||
| CVE-2022-24692 | 1 Dsk | 1 Dsknet | 2024-11-21 | 5.4 Medium |
| An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The new menu option within the general Parameters page is vulnerable to stored XSS. The attacker can create a menu option, make it visible to every application user, and conduct session hijacking, account takeover, or malicious code delivery, with the final goal of achieving client-side code execution. | ||||
| CVE-2022-24681 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 6.1 Medium |
| Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. | ||||
| CVE-2022-24657 | 1 Goldshell | 1 Goldshell Miner Firmware | 2024-11-21 | 9.8 Critical |
| Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol (port 22). | ||||
| CVE-2022-24656 | 1 Hexoeditor Project | 1 Hexoeditor | 2024-11-21 | 6.1 Medium |
| HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). By putting a common XSS payload in a markdown file, if opened with the app, will execute several times. | ||||
| CVE-2022-24654 | 1 Intelbras | 2 Ata 200, Ata 200 Firmware | 2024-11-21 | 5.4 Medium |
| Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload. | ||||
| CVE-2022-24643 | 1 Open-emr | 1 Openemr | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0. | ||||
| CVE-2022-24620 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 5.4 Medium |
| Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, admin can steal webmaster's cookies to get the webmaster's access. | ||||
| CVE-2022-24612 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-11-21 | 5.4 Medium |
| An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS. | ||||
| CVE-2022-24608 | 1 Luocms Project | 1 Luocms | 2024-11-21 | 6.1 Medium |
| Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php. | ||||
| CVE-2022-24590 | 1 Backdropcms | 1 Backdrop | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2022-24589 | 1 Burden Project | 1 Burden | 2024-11-21 | 6.1 Medium |
| Burden v3.0 was discovered to contain a stored cross-site scripting (XSS) in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the task parameter. | ||||
| CVE-2022-24588 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 5.4 Medium |
| Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. | ||||
| CVE-2022-24587 | 1 Pluxml | 1 Pluxml | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2022-24586 | 1 Pluxml | 1 Pluxml | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters. | ||||
| CVE-2022-24585 | 1 Pluxml | 1 Pluxml | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter. | ||||
| CVE-2022-24582 | 1 Accounting Journal Management Project | 1 Accounting Journal Management | 2024-11-21 | 5.4 Medium |
| Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking. The parameter manage_user from User lists is vulnerable to XSS-Stored and PHPSESSID attacks. The malicious user can attack the system by using the already session which he has from inside and outside of the network. | ||||
| CVE-2022-24573 | 1 Element-it | 1 Http Commander | 2024-11-21 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field. | ||||
| CVE-2022-24572 | 1 Car Driving School Management System Project | 1 Car Driving School Management System | 2024-11-21 | 6.1 Medium |
| Car Driving School Management System v1.0 is affected by Cross Site Scripting (XSS) in the User Enrollment Form (Username Field). To exploit this Vulnerability, an admin views the registered user details. | ||||
| CVE-2022-24566 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 5.4 Medium |
| In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS). | ||||