Total
44848 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29540 | 1 Resi | 1 Gemini-net | 2024-11-21 | 6.1 Medium |
| resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints, | ||||
| CVE-2022-29533 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page." | ||||
| CVE-2022-29532 | 1 Misp | 1 Misp | 2024-11-21 | 4.8 Medium |
| An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it. | ||||
| CVE-2022-29531 | 1 Misp | 1 Misp | 2024-11-21 | 5.4 Medium |
| An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name. | ||||
| CVE-2022-29530 | 1 Misp | 1 Misp | 2024-11-21 | 5.4 Medium |
| An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters. | ||||
| CVE-2022-29529 | 1 Misp | 1 Misp | 2024-11-21 | 5.4 Medium |
| An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field. | ||||
| CVE-2022-29513 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.8 Medium |
| Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script. | ||||
| CVE-2022-29487 | 1 Cybozu | 1 Office | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors. | ||||
| CVE-2022-29485 | 1 Ss-proj | 1 Shirasagi | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. | ||||
| CVE-2022-29380 | 1 Creativeitem | 1 Academy Lms | 2024-11-21 | 4.8 Medium |
| Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel. | ||||
| CVE-2022-29360 | 1 Rainloop | 1 Webmail | 2024-11-21 | 5.4 Medium |
| The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted email message. | ||||
| CVE-2022-29359 | 1 School Club Application System Project | 1 School Club Application System | 2024-11-21 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter. | ||||
| CVE-2022-29349 | 1 Keking | 1 Kkfileview | 2024-11-21 | 6.1 Medium |
| kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java. | ||||
| CVE-2022-29296 | 1 Avantune | 1 Genialcloud Proj | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the login portal of Avantune Genialcloud ProJ - 10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2022-29269 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.5 Medium |
| In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address. | ||||
| CVE-2022-29152 | 1 Ericom | 1 Powerterm Webconnect | 2024-11-21 | 6.1 Medium |
| The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page. | ||||
| CVE-2022-29096 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 6.1 Medium |
| Dell Wyse Management Suite 3.6.1 and below contains a reflected cross-site scripting vulnerability in the saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | ||||
| CVE-2022-29095 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-11-21 | 8.3 High |
| Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system. | ||||
| CVE-2022-29091 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2024-11-21 | 5.3 Medium |
| Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a reflected cross-site scripting vulnerability in the Unisphere GUI. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | ||||
| CVE-2022-29057 | 1 Fortinet | 1 Fortiedr | 2024-11-21 | 5.4 Medium |
| An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross-site scripting (XSS) attack by injecting a malicious payload into the Management Console via various endpoints. | ||||