Export limit exceeded: 363262 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47129 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-26497 | 1 Bigbluebutton | 1 Greenlight | 2024-11-21 | 5.4 Medium |
| BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dialog if the victim has shared access to the particular room with the attacker previously. | ||||
| CVE-2022-26494 | 1 Primekey | 1 Signserver | 2024-11-21 | 4.8 Medium |
| An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name. | ||||
| CVE-2022-26483 | 1 Veritas | 1 Infoscale Operations Manager | 2024-11-21 | 4.8 Medium |
| An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/listdir.pl allows authenticated remote administrators to inject arbitrary web script or HTML into an HTTP GET parameter (which reflect the user input without sanitization). | ||||
| CVE-2022-26476 | 1 Siemens | 3 Spectrum Power 4, Spectrum Power 7, Spectrum Power Microgrid Management System | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by using an account with default credentials. A successful exploitation could allow the attacker to access the component Shared HIS with administrative privileges. | ||||
| CVE-2022-26332 | 1 Cipi | 1 Cipi | 2024-11-21 | 5.4 Medium |
| Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field. | ||||
| CVE-2022-26331 | 1 Microfocus | 1 Arcsight Logger | 2024-11-21 | 6.1 Medium |
| Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions. | ||||
| CVE-2022-26325 | 1 Microfocus | 1 Netiq Access Manager | 2024-11-21 | 2.9 Low |
| Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2 | ||||
| CVE-2022-26295 | 1 Online Project Time Management System Project | 1 Online Project Time Management System | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user name field. | ||||
| CVE-2022-26263 | 1 Yonyou | 1 U8\+ | 2024-11-21 | 6.1 Medium |
| Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp. | ||||
| CVE-2022-26255 | 1 Clash Project | 1 Clash | 2024-11-21 | 9.8 Critical |
| Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column. | ||||
| CVE-2022-26246 | 1 Tms Project | 1 Tms | 2024-11-21 | 6.1 Medium |
| TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /TMS/admin/setting/mail/createorupdate. | ||||
| CVE-2022-26244 | 1 Hospital\'s Patient Records Management System Project | 1 Hospital\'s Patient Records Management System | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "special" field. | ||||
| CVE-2022-26197 | 1 Joget | 1 Joget Dx | 2024-11-21 | 5.4 Medium |
| Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table. | ||||
| CVE-2022-26155 | 1 Cherwell | 1 Cherwell Service Management | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body. | ||||
| CVE-2022-26146 | 1 Tricentis | 1 Qtest | 2024-11-21 | 5.4 Medium |
| Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker. | ||||
| CVE-2022-26144 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 6.1 Medium |
| An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is installed. | ||||
| CVE-2022-26119 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | 7.8 High |
| A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password. | ||||
| CVE-2022-26114 | 1 Fortinet | 1 Fortimail | 2024-11-21 | 5.4 Medium |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in the Webmail of FortiMail before 7.2.0 may allow an unauthenticated attacker to trigger a cross-site scripting (XSS) attack via sending specially crafted mail messages. | ||||
| CVE-2022-26105 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 6.1 Medium |
| SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | ||||
| CVE-2022-26101 | 1 Sap | 1 Fiori Launchpad | 2024-11-21 | 6.1 Medium |
| Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||