Search Results (46898 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24565 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 5.4 Medium |
| Checkmk <=2.0.0p19 (fixed in 2.0.0p20) and Checkmk <=1.6.0p27 (fixed in 1.6.0p28) are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications. | ||||
| CVE-2022-24564 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 6.1 Medium |
| Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user. | ||||
| CVE-2022-24563 | 1 Metalgenix | 1 Genixcms | 2024-11-21 | 5.4 Medium |
| In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the intro_title and intro_image parameters. | ||||
| CVE-2022-24435 | 1 Phpuploader Project | 1 Phpuploader | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in phpUploader v1.2 and earlier allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. | ||||
| CVE-2022-24399 | 1 Sap | 1 Focused Run | 2024-11-21 | 6.1 Medium |
| The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2022-24397 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 6.1 Medium |
| SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser. | ||||
| CVE-2022-24395 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 6.1 Medium |
| SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2022-24374 | 1 Appleple | 1 A-blog Cms | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-23916. | ||||
| CVE-2022-24347 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.4 Medium |
| JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. | ||||
| CVE-2022-24344 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.4 Medium |
| JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. | ||||
| CVE-2022-24339 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.4 Medium |
| JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. | ||||
| CVE-2022-24338 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 6.1 Medium |
| JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS. | ||||
| CVE-2022-24255 | 1 Extensis | 1 Portfolio | 2024-11-21 | 8.8 High |
| Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges. | ||||
| CVE-2022-24238 | 1 Aceware | 1 Aceweb Online Portal | 2024-11-21 | 6.1 Medium |
| ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp. | ||||
| CVE-2022-24229 | 1 Onlyoffice | 1 Document Server | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers to inject arbitrary HTML or JavaScript through /example/editor. | ||||
| CVE-2022-24181 | 1 Public Knowledge Project | 1 Open Journal Systems | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header. | ||||
| CVE-2022-24177 | 1 Exlibrisgroup | 1 Aleph 500 | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej.cgi of Ex Libris ALEPH 500 v18.1 and v20 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2022-24135 | 1 Qingscan Project | 1 Qingscan | 2024-11-21 | 6.1 Medium |
| QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability in all search functions. | ||||
| CVE-2022-24131 | 1 Douco | 1 Douphp | 2024-11-21 | 6.1 Medium |
| DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution. | ||||
| CVE-2022-24127 | 1 Vanderbilt | 1 Redcap | 2024-11-21 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title (app_title) field when editing an existing project. The payload is then reflected within the title tag of the page. | ||||