Export limit exceeded: 47287 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47287 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27425 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 6.1 Medium |
| Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php. | ||||
| CVE-2022-27422 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL. | ||||
| CVE-2022-27348 | 1 Socialcodia | 1 Social Codia Sms | 2024-11-21 | 4.8 Medium |
| Social Codia SMS v1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field. | ||||
| CVE-2022-27330 | 1 E-commerce Website Project | 1 E-commerce Website | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field. | ||||
| CVE-2022-27308 | 1 Phprojekt Phpsimplygest Project | 1 Phprojekt Phpsimplygest | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title. | ||||
| CVE-2022-27280 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2024-11-21 | 5.4 Medium |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the web_exec parameter at /apply.cgi. | ||||
| CVE-2022-27258 | 1 Hubzilla | 1 Hubzilla | 2024-11-21 | 6.1 Medium |
| Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 and earlier allows remote attacker to include arbitrary web script or HTML via the rpath parameter. | ||||
| CVE-2022-27246 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default. | ||||
| CVE-2022-27244 | 1 Misp | 1 Misp | 2024-11-21 | 4.8 Medium |
| An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user. | ||||
| CVE-2022-27238 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 5.4 Medium |
| BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross-Site Scripting (XSS) in the private chat functionality. A threat actor could inject JavaScript payload in his/her username. The payload gets executed in the browser of the victim each time the attacker sends a private message to the victim or when notification about the attacker leaving room is displayed. | ||||
| CVE-2022-27237 | 1 Ni | 5 Flexlogger, G Web Development Software, Labview and 2 more | 2024-11-21 | 6.1 Medium |
| There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install G Web Development 2022 R1 or later, or install Static Test Software Suite version 1.2 or later. | ||||
| CVE-2022-27231 | 1 Veronalabs | 1 Wp Statistics | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product. | ||||
| CVE-2022-27230 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Guided Configuration | 2024-11-21 | 7.5 High |
| On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2022-27213 | 1 Jenkins | 1 Environment Dashboard | 2024-11-21 | 5.4 Medium |
| Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. | ||||
| CVE-2022-27212 | 1 Jenkins | 1 List Git Branches Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-27207 | 1 Jenkins | 1 Global-build-stats | 2024-11-21 | 4.8 Medium |
| Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | ||||
| CVE-2022-27202 | 1 Jenkins | 1 Extended Choice Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-27200 | 1 Jenkins | 1 Folder-based Authorization Strategy | 2024-11-21 | 4.8 Medium |
| Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | ||||
| CVE-2022-27197 | 1 Jenkins | 1 Dashboard View | 2024-11-21 | 5.4 Medium |
| Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views. | ||||
| CVE-2022-27196 | 1 Jenkins | 1 Favorite | 2024-11-21 | 5.4 Medium |
| Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions. | ||||