Lucene search
K

15792 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:17 a.m.6 views

CVE-2022-29172

Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before 11.33.0, when the “additional signup fields” feature is configured, a malicious actor can inject invalidated HTML code...

6.1CVSS6.8AI score0.00581EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:15 a.m.6 views

CVE-2022-29362

A cross-site scripting XSS vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter...

5.4CVSS5.7AI score0.00461EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:7 a.m.5 views

CVE-2022-46180

Discourse Mermaid discourse-mermaid-theme-component allows users of Discourse, open-source forum software, to create graphs using the Mermaid syntax. Users of discourse-mermaid-theme-component version 1.0.0 who can create posts are able to inject arbitrary HTML on that post. The issue has been...

5.4CVSS6.7AI score0.0047EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:6 a.m.8 views

CVE-2022-28982

A cross-site scripting XSS vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a tag...

6.1CVSS5.8AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:58 a.m.7 views

CVE-2022-46905

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS...

6.1CVSS6.8AI score0.00385EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:50 a.m.6 views

CVE-2022-42452

HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections...

5.4CVSS6.2AI score0.00341EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:39 a.m.19 views

CVE-2022-40027

SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter...

6.1CVSS6.1AI score0.00666EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:39 a.m.8 views

CVE-2022-40029

SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter...

4.8CVSS6.1AI score0.00573EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:38 a.m.6 views

CVE-2022-40088

Simple College Website v1.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /collegewebsite/index.php?page=. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter...

6.1CVSS6.1AI score0.0061EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:33 a.m.8 views

CVE-2022-4142

The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does not properly escape the filters passed in the ufggalleryfilters ajax action before outputting them on the page, allowing a high privileged user such as an administrator to inject HTML or javascript to the plugin settings page,...

4.8CVSS6.2AI score0.0047EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:30 a.m.5 views

CVE-2022-48547

A reflected cross-site scripting XSS vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at authchangepassword.php...

6.1CVSS5.7AI score0.00719EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:28 a.m.24 views

CVE-2022-48085

Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter...

5.4CVSS7.5AI score0.00604EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:27 a.m.6 views

CVE-2022-47870

A Cross Site Scripting XSS vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web Script or HTML via the returnUrl parameter...

6.1CVSS6.4AI score0.02229EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2025/05/23 12:25 a.m.9 views

CVE-2022-47102

A cross-site scripting XSS vulnerability in Student Study Center Management System V 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...

5.4CVSS5.8AI score0.00534EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:24 a.m.12 views

CVE-2022-46903

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Stored XSS...

5.4CVSS6.4AI score0.00341EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 12:24 a.m.8 views

CVE-2022-46888

Multiple reflective cross-site scripting XSS vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q paramete...

6.1CVSS5.9AI score0.01543EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 12:18 a.m.13 views

CVE-2022-45613

Book Store Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability in /bsmsci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the publisher parameter...

5.4CVSS6AI score0.00459EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:15 a.m.10 views

CVE-2022-45016

A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field...

4.8CVSS5.7AI score0.00493EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:5 a.m.6 views

CVE-2022-43707

MyBB 1.8.31 has a Cross-site scripting XSS vulnerability in the visual MyCode editor SCEditor allows remote attackers to inject HTML via user input or stored data...

6.1CVSS5.6AI score0.00469EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/23 12:0 a.m.10 views

CVE-2024-48702

PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter...

0.00209EPSS
Exploits1References1
Rows per page
Query Builder