Total
35136 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44957 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | N/A | 5.4 MEDIUM |
| webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | |||||
| CVE-2022-44956 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | N/A | 5.4 MEDIUM |
| webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | |||||
| CVE-2022-40849 | 1 Thinkcmf | 1 Thinkcmf | 2025-04-24 | N/A | 5.4 MEDIUM |
| ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's PHP session token (PHPSESSID). | |||||
| CVE-2022-45215 | 1 Book Store Management System Project | 1 Book Store Management System | 2025-04-24 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module. | |||||
| CVE-2022-44962 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | N/A | 5.4 MEDIUM |
| webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject field. | |||||
| CVE-2022-44961 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | N/A | 5.4 MEDIUM |
| webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | |||||
| CVE-2022-44960 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | N/A | 5.4 MEDIUM |
| webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field. | |||||
| CVE-2022-44955 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | N/A | 5.4 MEDIUM |
| webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field. | |||||
| CVE-2022-44954 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | N/A | 5.4 MEDIUM |
| webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name field after clicking "Add". | |||||
| CVE-2022-44953 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | N/A | 5.4 MEDIUM |
| webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add". | |||||
| CVE-2022-44952 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | N/A | 5.4 MEDIUM |
| Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking "Add". | |||||
| CVE-2022-44951 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | N/A | 5.4 MEDIUM |
| Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | |||||
| CVE-2022-3709 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2025-04-24 | N/A | 6.8 MEDIUM |
| A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA. | |||||
| CVE-2022-38803 | 1 Zkteco | 1 Biotime | 2025-04-24 | N/A | 6.8 MEDIUM |
| Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF | |||||
| CVE-2022-38802 | 1 Zkteco | 1 Biotime | 2025-04-24 | N/A | 6.2 MEDIUM |
| Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a PDF | |||||
| CVE-2022-38801 | 1 Zkteco | 1 Biotime | 2025-04-24 | N/A | 5.4 MEDIUM |
| In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting. | |||||
| CVE-2023-41425 | 1 Wondercms | 1 Wondercms | 2025-04-24 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component. | |||||
| CVE-2022-37926 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2025-04-24 | N/A | 5.5 MEDIUM |
| A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface by uploading a specially crafted file. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | |||||
| CVE-2022-37925 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2025-04-24 | N/A | 6.1 MEDIUM |
| A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | |||||
| CVE-2024-41446 | 1 Alkacon | 1 Opencms | 2025-04-24 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function. | |||||