Export limit exceeded: 47293 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47293 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30533 | 1 Webnus | 1 Modern Events Calendar Lite | 2024-11-21 | 5.4 Medium |
| Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script via unspecified vectors. | ||||
| CVE-2022-30517 | 1 Mogublog Project | 1 Mogublog | 2024-11-21 | 6.1 Medium |
| Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2022-30514 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2024-11-21 | 6.1 Medium |
| School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126. | ||||
| CVE-2022-30513 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2024-11-21 | 6.1 Medium |
| School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125 | ||||
| CVE-2022-30494 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2024-11-21 | 5.4 Medium |
| In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs. | ||||
| CVE-2022-30489 | 1 Wavlink | 2 Wn535g3, Wn535g3 Firmware | 2024-11-21 | 6.1 Medium |
| WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi. | ||||
| CVE-2022-30482 | 1 Ecommerce-project-with-php-and-mysqli-fruits-bazar Project | 1 Ecommerce-project-with-php-and-mysqli-fruits-bazar | 2024-11-21 | 4.8 Medium |
| Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \admin\add_cata.php via the ctg_name parameters. | ||||
| CVE-2022-30464 | 1 Chatbot App With Suggestion Project | 1 Chatbot App With Suggestion | 2024-11-21 | 5.4 Medium |
| ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response. | ||||
| CVE-2022-30462 | 1 Water Billing System Project | 1 Water Billing System | 2024-11-21 | 5.4 Medium |
| Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname. | ||||
| CVE-2022-30460 | 1 Simple Social Networking Site Project | 1 Simple Social Networking Site | 2024-11-21 | 5.4 Medium |
| Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname. | ||||
| CVE-2022-30458 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2024-11-21 | 5.4 Medium |
| Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name. | ||||
| CVE-2022-30456 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2024-11-21 | 5.4 Medium |
| Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental. | ||||
| CVE-2022-30429 | 1 Neos | 1 Neos Cms | 2024-11-21 | 5.4 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also be present in all intermediate versions. | ||||
| CVE-2022-30422 | 1 Proietti | 1 Planet Time Enterprise | 2024-11-21 | 9.8 Critical |
| Proietti Tech srl Planet Time Enterprise 4.2.0.1,4.2.0.0,4.1.0.0,4.0.0.0,3.3.1.0,3.3.0.0 is vulnerable to Remote code execution via the Viewstate parameter. | ||||
| CVE-2022-30349 | 1 Sscms | 1 Siteserver Cms | 2024-11-21 | 6.1 Medium |
| siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2022-30326 | 1 Trendnet | 2 Tew-831dr, Tew-831dr Firmware | 2024-11-21 | 5.4 Medium |
| An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS payload to crash the basic.config page of the web interface. | ||||
| CVE-2022-30318 | 1 Honeywell | 4 Controledge Plc, Controledge Plc Firmware, Controledge Rtu and 1 more | 2024-11-21 | 9.8 Critical |
| Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of service. The Honeywell ControlEdge PLC and RTU product line exposes an SSH service on port 22/TCP. Login as root to this service is permitted and credentials for the root user are hardcoded without automatically changing them upon first commissioning. The credentials for the SSH service are hardcoded in the firmware. The credentials grant an attacker access to a root shell on the PLC/RTU, allowing for remote code execution, configuration manipulation and denial of service. | ||||
| CVE-2022-30314 | 1 Honeywell | 2 Safety Manager, Safety Manager Firmware | 2024-11-21 | 4.6 Medium |
| Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The Honeywell Experion PKS Safety Manager utilizes the DCOM-232/485 serial interface for firmware management purposes. When booting, the Safety Manager exposes the Enea POLO bootloader via this interface. Access to the boot configuration is controlled by means of credentials hardcoded in the Safety Manager firmware. The credentials for the bootloader are hardcoded in the firmware. An attacker with access to the serial interface (either through physical access, a compromised EWS or an exposed serial-to-ethernet gateway) can utilize these credentials to control the boot process and manipulate the unauthenticated firmware image (see FSCT-2022-0054). | ||||
| CVE-2022-30304 | 1 Fortinet | 1 Fortianalyzer | 2024-11-21 | 4.2 Medium |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAnalyzer versions prior to 7.2.1, 7.0.4 and 6.4.8 may allow a remote unauthenticated attacker to perform a stored cross site scripting (XSS) attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer. | ||||
| CVE-2022-30289 | 1 Citeum | 1 Opencti | 2024-11-21 | 5.4 Medium |
| A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the file location. | ||||