Total
44799 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24656 | 1 Hexoeditor Project | 1 Hexoeditor | 2024-11-21 | 6.1 Medium |
| HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). By putting a common XSS payload in a markdown file, if opened with the app, will execute several times. | ||||
| CVE-2022-24654 | 1 Intelbras | 2 Ata 200, Ata 200 Firmware | 2024-11-21 | 5.4 Medium |
| Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload. | ||||
| CVE-2022-24643 | 1 Open-emr | 1 Openemr | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0. | ||||
| CVE-2022-24620 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 5.4 Medium |
| Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, admin can steal webmaster's cookies to get the webmaster's access. | ||||
| CVE-2022-24612 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-11-21 | 5.4 Medium |
| An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS. | ||||
| CVE-2022-24608 | 1 Luocms Project | 1 Luocms | 2024-11-21 | 6.1 Medium |
| Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php. | ||||
| CVE-2022-24590 | 1 Backdropcms | 1 Backdrop | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2022-24589 | 1 Burden Project | 1 Burden | 2024-11-21 | 6.1 Medium |
| Burden v3.0 was discovered to contain a stored cross-site scripting (XSS) in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the task parameter. | ||||
| CVE-2022-24588 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 5.4 Medium |
| Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. | ||||
| CVE-2022-24587 | 1 Pluxml | 1 Pluxml | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2022-24586 | 1 Pluxml | 1 Pluxml | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters. | ||||
| CVE-2022-24585 | 1 Pluxml | 1 Pluxml | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter. | ||||
| CVE-2022-24582 | 1 Accounting Journal Management Project | 1 Accounting Journal Management | 2024-11-21 | 5.4 Medium |
| Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking. The parameter manage_user from User lists is vulnerable to XSS-Stored and PHPSESSID attacks. The malicious user can attack the system by using the already session which he has from inside and outside of the network. | ||||
| CVE-2022-24573 | 1 Element-it | 1 Http Commander | 2024-11-21 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field. | ||||
| CVE-2022-24572 | 1 Car Driving School Management System Project | 1 Car Driving School Management System | 2024-11-21 | 6.1 Medium |
| Car Driving School Management System v1.0 is affected by Cross Site Scripting (XSS) in the User Enrollment Form (Username Field). To exploit this Vulnerability, an admin views the registered user details. | ||||
| CVE-2022-24566 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 5.4 Medium |
| In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS). | ||||
| CVE-2022-24565 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 5.4 Medium |
| Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications. | ||||
| CVE-2022-24564 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 6.1 Medium |
| Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user. | ||||
| CVE-2022-24563 | 1 Metalgenix | 1 Genixcms | 2024-11-21 | 5.4 Medium |
| In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the intro_title and intro_image parameters. | ||||
| CVE-2022-24435 | 1 Phpuploader Project | 1 Phpuploader | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in phpUploader v1.2 and earlier allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. | ||||