Total
37706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43084 | 1 Vehicle Booking System Project | 1 Vehicle Booking System | 2025-05-05 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the v_name parameter. | |||||
| CVE-2022-43079 | 1 Train Scheduler App Project | 1 Train Scheduler App | 2025-05-05 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter. | |||||
| CVE-2022-43078 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2025-05-05 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter. | |||||
| CVE-2022-43076 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2025-05-05 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /admin/edit-admin.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtemail parameter. | |||||
| CVE-2022-3469 | 1 Marcomilesi | 1 Wp Attachments | 2025-05-05 | N/A | 4.8 MEDIUM |
| The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | |||||
| CVE-2022-43361 | 1 Slims | 1 Senayan Library Management System | 2025-05-05 | N/A | 4.8 MEDIUM |
| Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php. | |||||
| CVE-2022-43082 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2025-05-05 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /fastfood/purchase.php of Fast Food Ordering System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the customer parameter. | |||||
| CVE-2022-42753 | 1 Salonerp Project | 1 Salonerp | 2025-05-05 | N/A | 6.1 MEDIUM |
| SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks. | |||||
| CVE-2022-42750 | 1 Auieo | 1 Candidats | 2025-05-05 | N/A | 8.8 HIGH |
| CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user. | |||||
| CVE-2022-42749 | 1 Auieo | 1 Candidats | 2025-05-05 | N/A | 6.1 MEDIUM |
| CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | |||||
| CVE-2022-42748 | 1 Auieo | 1 Candidats | 2025-05-05 | N/A | 6.1 MEDIUM |
| CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | |||||
| CVE-2022-42747 | 1 Auieo | 1 Candidats | 2025-05-05 | N/A | 6.1 MEDIUM |
| CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | |||||
| CVE-2022-42746 | 1 Auieo | 1 Candidats | 2025-05-05 | N/A | 6.1 MEDIUM |
| CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | |||||
| CVE-2022-41435 | 1 Openwrt | 1 Luci | 2025-05-05 | N/A | 5.4 MEDIUM |
| OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments. | |||||
| CVE-2022-30615 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-05-05 | N/A | 5.4 MEDIUM |
| "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592. | |||||
| CVE-2022-43372 | 1 Emlog | 1 Emlog | 2025-05-05 | N/A | 4.8 MEDIUM |
| Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /admin/store.php. | |||||
| CVE-2022-43982 | 1 Apache | 1 Airflow | 2025-05-02 | N/A | 6.1 MEDIUM |
| In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. | |||||
| CVE-2022-43670 | 1 Apache | 1 Sling Cms | 2025-05-02 | N/A | 5.4 MEDIUM |
| An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature. | |||||
| CVE-2022-40840 | 1 Ndk-design | 1 Ndkadvancedcustomizationfields | 2025-05-02 | N/A | 6.1 MEDIUM |
| ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross Site Scripting (XSS) via createPdf.php. | |||||
| CVE-2022-35642 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-05-02 | N/A | 5.4 MEDIUM |
| "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592." | |||||