Export limit exceeded: 47124 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47124 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-23713 | 1 Elastic | 1 Kibana | 2024-11-21 | 6.1 Medium |
| A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser. | ||||
| CVE-2022-23710 | 1 Elastic | 1 Kibana | 2024-11-21 | 6.1 Medium |
| A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser. | ||||
| CVE-2022-23707 | 1 Elastic | 1 Kibana | 2024-11-21 | 5.4 Medium |
| An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users | ||||
| CVE-2022-23706 | 1 Hp | 1 Oneview | 2024-11-21 | 6.1 Medium |
| A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. | ||||
| CVE-2022-23697 | 1 Hp | 1 Oneview | 2024-11-21 | 6.1 Medium |
| A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. | ||||
| CVE-2022-23675 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 4.8 Medium |
| A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2022-23674 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 5.4 Medium |
| A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2022-23659 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 6.1 Medium |
| A remote reflected cross site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2022-23441 | 1 Fortinet | 1 Fortiedr | 2024-11-21 | 9.1 Critical |
| A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors. | ||||
| CVE-2022-23440 | 1 Fortinet | 1 Fortiedr | 2024-11-21 | 7.8 High |
| A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment. | ||||
| CVE-2022-23438 | 1 Fortinet | 1 Fortios | 2024-11-21 | 4.7 Medium |
| An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page. | ||||
| CVE-2022-23402 | 1 Yokogawa | 5 Centum Vp, Centum Vp Entry, Centum Vp Entry Firmware and 2 more | 2024-11-21 | 9.8 Critical |
| The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00 | ||||
| CVE-2022-23397 | 1 Cedargate | 1 Ez-net Portal | 2024-11-21 | 6.1 Medium |
| The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. NOTE: the vendor disputes this because the ado.im reference has "no clear steps of reproduction." | ||||
| CVE-2022-23391 | 1 Pybbs Project | 1 Pybbs | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Search box. | ||||
| CVE-2022-23378 | 1 Tastyigniter | 1 Tastyigniter | 2024-11-21 | 5.4 Medium |
| A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The "items%5B0%5D%5Bpath%5D" parameter of a request made to /admin/allergens/edit/1 is vulnerable. | ||||
| CVE-2022-23376 | 1 Wikidocs | 1 Wikidocs | 2024-11-21 | 6.1 Medium |
| WikiDocs version 0.1.18 has multiple reflected XSS vulnerabilities on different pages. | ||||
| CVE-2022-23367 | 1 Fulusso Project | 1 Fulusso | 2024-11-21 | 6.1 Medium |
| Fulusso v1.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in /BindAccount/SuccessTips.js. This vulnerability allows attackers to inject malicious code into a victim user's device via open redirection. | ||||
| CVE-2022-23350 | 1 Bigantsoft | 1 Bigant Server | 2024-11-21 | 5.4 Medium |
| BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2022-23321 | 1 Xerox | 1 Xmpie Ustore | 2024-11-21 | 4.8 Medium |
| A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0. | ||||
| CVE-2022-23312 | 1 Siemens | 1 Spectrum Power 4 | 2024-11-21 | 6.1 Medium |
| A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP9 Security Patch 1). The integrated web application "Online Help" in affected product contains a Cross-Site Scripting (XSS) vulnerability that could be exploited if unsuspecting users are tricked into accessing a malicious link. | ||||