Total
44854 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-31400 | 1 Helpdeskz | 1 Helpdeskz | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in /staff/setup/email-addresses of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. | ||||
| CVE-2022-31398 | 1 Helpdeskz | 1 Helpdeskz | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in /staff/tools/custom-fields of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. | ||||
| CVE-2022-31373 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2024-11-21 | 6.1 Medium |
| SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php. | ||||
| CVE-2022-31303 | 1 Maccms | 1 Maccms | 2024-11-21 | 5.4 Medium |
| maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. | ||||
| CVE-2022-31302 | 1 Maccms | 1 Maccms | 2024-11-21 | 5.4 Medium |
| maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. | ||||
| CVE-2022-31301 | 1 Angtech | 1 Haraj | 2024-11-21 | 5.4 Medium |
| Haraj v3.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Post Ads component. | ||||
| CVE-2022-31300 | 1 Angtech | 1 Haraj | 2024-11-21 | 5.4 Medium |
| A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | ||||
| CVE-2022-31299 | 1 Angtech | 1 Haraj | 2024-11-21 | 6.1 Medium |
| Haraj v3.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the User Upgrade Form. | ||||
| CVE-2022-31298 | 1 Angtech | 1 Haraj | 2024-11-21 | 5.4 Medium |
| A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | ||||
| CVE-2022-31290 | 1 Withknown | 1 Known | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field. | ||||
| CVE-2022-31201 | 1 Monitoringsoft | 1 Softguard Web | 2024-11-21 | 5.4 Medium |
| SoftGuard Web (SGW) before 5.1.5 allows HTML injection. | ||||
| CVE-2022-31200 | 1 Atmail | 1 Atmail | 2024-11-21 | 6.1 Medium |
| Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&FirstLoad=1&HelpFile=file.html Search Terms field. | ||||
| CVE-2022-30991 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | 6.1 Medium |
| HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 | ||||
| CVE-2022-30982 | 1 Gentics | 1 Gentics Cms | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Gentics CMS before 5.43.1. There is stored XSS in the profile description and in the username. | ||||
| CVE-2022-30970 | 1 Jenkins | 1 Autocomplete Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-30968 | 1 Jenkins | 1 Vboxwrapper | 2024-11-21 | 5.4 Medium |
| Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-30967 | 1 Jenkins | 1 Selection Tasks | 2024-11-21 | 5.4 Medium |
| Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-30965 | 1 Jenkins | 1 Promoted Builds | 2024-11-21 | 5.4 Medium |
| Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-30964 | 1 Jenkins | 1 Multiselect Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape the name and description of Multiselect parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-30963 | 1 Jenkins | 1 Jdk Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||