Export limit exceeded: 363434 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 47137 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47137 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30963 | 1 Jenkins | 1 Jdk Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-30962 | 1 Jenkins | 1 Global Variable String Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins Global Variable String Parameter Plugin 1.2 and earlier does not escape the name and description of Global Variable String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-30961 | 1 Jenkins | 1 Autocomplete Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-30960 | 1 Jenkins | 1 Application Detector | 2024-11-21 | 5.4 Medium |
| Jenkins Application Detector Plugin 1.0.8 and earlier does not escape the name of Chois Application Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-30956 | 1 Jenkins | 1 Rundeck | 2024-11-21 | 5.4 Medium |
| Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads. | ||||
| CVE-2022-30903 | 1 Nokia | 2 G-2425g-a, G-2425g-a Firmware | 2024-11-21 | 4.8 Medium |
| Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management. | ||||
| CVE-2022-30899 | 1 Partkeepr | 1 Partkeepr | 2024-11-21 | 4.8 Medium |
| A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the 'name' field in /api/part_categories. | ||||
| CVE-2022-30875 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 6.1 Medium |
| Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page. | ||||
| CVE-2022-30874 | 1 Nukeviet | 1 Nukeviet | 2024-11-21 | 5.4 Medium |
| There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02. | ||||
| CVE-2022-30863 | 1 Fudforum | 1 Fudforum | 2024-11-21 | 4.8 Medium |
| FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel. | ||||
| CVE-2022-30861 | 1 Fudforum | 1 Fudforum | 2024-11-21 | 4.8 Medium |
| FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature. | ||||
| CVE-2022-30842 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2024-11-21 | 5.4 Medium |
| Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname. | ||||
| CVE-2022-30839 | 1 Room Rent Portal Site Project | 1 Room Rent Portal Site | 2024-11-21 | 6.1 Medium |
| Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name. | ||||
| CVE-2022-30777 | 1 Parallels | 1 H-sphere | 2024-11-21 | 6.1 Medium |
| Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter. | ||||
| CVE-2022-30776 | 1 Atmail | 1 Atmail | 2024-11-21 | 6.1 Medium |
| atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter. | ||||
| CVE-2022-30770 | 1 Terminalfour | 1 Terminalfour | 2024-11-21 | 6.1 Medium |
| Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and r 8.2.x versions prior to version 8.2.18.5 or 8.2.18.2.1 are vulnerable to (XSS) vulnerability that could be exploited by an attacker to mislead an administrator and steal their credentials. | ||||
| CVE-2022-30627 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2024-11-21 | 5.7 Medium |
| This vulnerability affects all of the company's products that also include the FW versions: update_i90_cv2.021_b20210104, update_i50_v1.0.55_b20200509, update_x6_v2.1.2_b202001127, update_b5_v2.0.9_b20200706. This vulnerability makes it possible to extract from the FW the existing user passwords on their operating systems and passwords. | ||||
| CVE-2022-30622 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2024-11-21 | 5.3 Medium |
| Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sys_username_passwd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within the JS code sent to the customer within the Login.js file is a strong user (which is not documented) and also the password, which allow for super-user access. Username: chcadmin, Password: chcpassword. | ||||
| CVE-2022-30611 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2024-11-21 | 5.4 Medium |
| IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 227364. | ||||
| CVE-2022-30604 | 1 Cybozu | 1 Office | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors. | ||||