Total
44860 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34964 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | 4.8 Medium |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the SitePages module. | ||||
| CVE-2022-34963 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | 5.4 Medium |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module. | ||||
| CVE-2022-34962 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | 5.4 Medium |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module. | ||||
| CVE-2022-34961 | 1 Openteknik | 1 Open Source Social Network | 2024-11-21 | 5.4 Medium |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module. | ||||
| CVE-2022-34911 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 6.1 Medium |
| An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). | ||||
| CVE-2022-34879 | 1 Vicidial | 1 Vicidial | 2024-11-21 | 6.5 Medium |
| Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via agent, and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions prior to 3555. | ||||
| CVE-2022-34834 | 1 Vermeg | 1 Agile Reporter | 2024-11-21 | 4.8 Medium |
| An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log. | ||||
| CVE-2022-34833 | 1 Vermeg | 1 Agile Reporter | 2024-11-21 | 5.4 Medium |
| An issue was discovered in VERMEG AgileReporter 21.3. An admin can enter an XSS payload in the Analysis component. | ||||
| CVE-2022-34795 | 1 Jenkins | 1 Deployment Dashboard | 2024-11-21 | 5.4 Medium |
| Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. | ||||
| CVE-2022-34791 | 1 Jenkins | 1 Validating Email Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-34790 | 1 Jenkins | 1 Extreme Feedback Panel | 2024-11-21 | 5.4 Medium |
| Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-34788 | 1 Jenkins | 1 Matrix Reloaded | 2024-11-21 | 5.4 Medium |
| Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | ||||
| CVE-2022-34787 | 1 Jenkins | 1 Project Inheritance | 2024-11-21 | 5.4 Medium |
| Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked. | ||||
| CVE-2022-34786 | 1 Jenkins | 1 Rich Text Publisher | 2024-11-21 | 5.4 Medium |
| Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. | ||||
| CVE-2022-34784 | 1 Jenkins | 1 Build-metrics | 2024-11-21 | 5.4 Medium |
| Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission. | ||||
| CVE-2022-34783 | 1 Jenkins | 1 Plot | 2024-11-21 | 5.4 Medium |
| Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-34778 | 1 Jenkins | 1 Testng Results | 2024-11-21 | 5.4 Medium |
| Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or control test results. | ||||
| CVE-2022-34777 | 1 Jenkins | 1 Gitlab | 2024-11-21 | 5.4 Medium |
| Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-34619 | 1 Mealie Project | 1 Mealie | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field. | ||||
| CVE-2022-34618 | 1 Mealie Project | 1 Mealie | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field. | ||||