Export limit exceeded: 47136 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47136 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38823 | 1 Totolink | 2 T6, T6 Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample. | ||||
| CVE-2022-38814 | 1 Fiberhome | 2 An5506-02-b, An5506-02-b Firmware | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the auth_settings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfg_loid text field. | ||||
| CVE-2022-38790 | 1 Weave.works | 1 Gitops | 2024-11-21 | 5.4 Medium |
| Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluster dashboard link. An annotation can be added to a GitopsCluster custom resource. | ||||
| CVE-2022-38709 | 2 Ibm, Microsoft | 2 Robotic Process Automation For Cloud Pak, Windows | 2024-11-21 | 6.1 Medium |
| IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 234291. | ||||
| CVE-2022-38664 | 1 Jenkins | 1 Job Configuration History | 2024-11-21 | 5.4 Medium |
| Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names. | ||||
| CVE-2022-38639 | 1 Inkdrop | 1 Markdown Nice | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Markdown-Nice v1.8.22 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Community Posting field. | ||||
| CVE-2022-38545 | 1 Valine.js | 1 Valine | 2024-11-21 | 9.6 Critical |
| Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request. | ||||
| CVE-2022-38463 | 1 Servicenow | 1 Servicenow | 2024-11-21 | 6.1 Medium |
| ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality. | ||||
| CVE-2022-38394 | 1 Allied-telesis | 2 Centrecom Ar260s, Centrecom Ar260s Firmware | 2024-11-21 | 9.8 Critical |
| Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command. | ||||
| CVE-2022-38379 | 1 Fortinet | 1 Fortisoar | 2024-11-21 | 3.4 Low |
| Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR. | ||||
| CVE-2022-38376 | 1 Fortinet | 1 Fortinac | 2024-11-21 | 5.8 Medium |
| Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to perform an XSS attack via crafted HTTP requests. | ||||
| CVE-2022-38374 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | 8.8 High |
| A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event logviews. | ||||
| CVE-2022-38373 | 1 Fortinet | 1 Fortideceptor | 2024-11-21 | 8 High |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross site scripting (XSS) attack via sending requests with specially crafted lure resource ID. | ||||
| CVE-2022-38358 | 1 Eyeofnetwork | 1 Eyes Of Network Web | 2024-11-21 | 6.1 Medium |
| Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/admin_notifiers/rules.php and /module/report_event/indext.php via the parameters rule_notification, rule_name, and rule_name_old, and at /module/admin_user/add_modify_user.php via the parameters user_name and user_email. | ||||
| CVE-2022-38339 | 1 Safe | 1 Fme Server | 2024-11-21 | 9.6 Critical |
| Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page. | ||||
| CVE-2022-38295 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 6.1 Medium |
| Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function. | ||||
| CVE-2022-38291 | 1 Slims | 1 Senayan Library Management System | 2024-11-21 | 6.1 Medium |
| SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar. | ||||
| CVE-2022-38256 | 1 Tastyigniter | 1 Tastyigniter | 2024-11-21 | 5.4 Medium |
| TastyIgniter v3.5.0 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2022-38254 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.1 Medium |
| Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5. | ||||
| CVE-2022-38251 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 4.8 Medium |
| Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel. | ||||