Search Results (47133 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-32987 | 1 Simple Bakery Shop Management System Project | 1 Simple Bakery Shop Management System | 2024-11-21 | 4.8 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=manage_account of Simple Bakery Shop Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username or Full Name fields. | ||||
| CVE-2022-32985 | 1 Nexans | 26 Gigaswitch 641 Desk V5 Sfp-vi, Gigaswitch 641 Desk V5 Sfp-vi Firmware, Gigaswitch 642 Desk V5 Sfp-2vi and 23 more | 2024-11-21 | 9.8 Critical |
| libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201. | ||||
| CVE-2022-32965 | 1 Omicard Edm Project | 1 Omicard Edm | 2024-11-21 | 9.8 Critical |
| OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service. | ||||
| CVE-2022-32776 | 1 Wpadvancedads | 1 Advanced Ads - Ad Manager & Adsense | 2024-11-21 | 4.8 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Advanced Ads GmbH Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 on WordPress. | ||||
| CVE-2022-32754 | 1 Ibm | 1 Security Verify Directory | 2024-11-21 | 4.8 Medium |
| IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228445. | ||||
| CVE-2022-32750 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 5.4 Medium |
| IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228435. | ||||
| CVE-2022-32567 | 1 Appfire | 1 Jira Misc Custom Fields | 2024-11-21 | 5.4 Medium |
| The Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for Atlassian Jira allows XSS via a crafted project name to the Add Auto Indexing Rule function. | ||||
| CVE-2022-32533 | 1 Apache | 2 Jetspeed, Portals Jetspeed | 2024-11-21 | 9.8 Critical |
| Apache Jetspeed-2 does not sufficiently filter untrusted user input by default, leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue. | ||||
| CVE-2022-32442 | 1 Yuba | 1 U5cms | 2024-11-21 | 6.1 Medium |
| u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). When a user accesses the default home page if the parameter passed in is http://127.0.0.1/? "Onmouseover=%27tzgl (96502)%27bad=", it can cause html injection. | ||||
| CVE-2022-32389 | 1 Isode | 1 Swift | 2024-11-21 | 7.5 High |
| Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. This allows attackers to access sensitive information such as user credentials and certificates. | ||||
| CVE-2022-32318 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2024-11-21 | 5.4 Medium |
| Fast Food Ordering System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the component /ffos/classes/Master.php?f=save_category. | ||||
| CVE-2022-32308 | 1 Ublock Origin Project | 1 Ublock Origin | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in uBlock Origin extension before 1.41.1 allows remote attackers to run arbitrary code via a spoofed 'MessageSender.url' to the browser renderer process. | ||||
| CVE-2022-32286 | 1 Mendix | 1 Saml | 2024-11-21 | 6.1 Medium |
| A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). In certain configurations SAML module is vulnerable to Cross Site Scripting (XSS) attacks due to insufficient error message sanitation. This could allow an attacker to execute malicious code by tricking users into accessing a malicious link. | ||||
| CVE-2022-32274 | 1 Ttpsc | 1 The Scheduler | 2024-11-21 | 5.4 Medium |
| The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to stored XSS via the project name to the creation function. | ||||
| CVE-2022-32271 | 1 Realnetworks | 1 Realplayer | 2024-11-21 | 9.6 Critical |
| In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files. | ||||
| CVE-2022-32269 | 1 Realnetworks | 1 Realplayer | 2024-11-21 | 9.8 Critical |
| In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution. | ||||
| CVE-2022-32247 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 6.1 Medium |
| SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | ||||
| CVE-2022-32225 | 1 Veeam | 1 Management Pack | 2024-11-21 | 6.1 Medium |
| A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System Center server, allowing for the execution of arbitrary scripts. | ||||
| CVE-2022-32195 | 1 Edx | 1 Open Edx | 2024-11-21 | 6.1 Medium |
| Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL. | ||||
| CVE-2022-32173 | 1 Orchardcore | 1 Orchardcore | 2024-11-21 | 5.4 Medium |
| OrchardCore rc1-11259 to v1.2.2 is vulnerable to HTML injection, which allows an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users. | ||||