6727 matches found

CVE
added 2022/12/22 12:0 a.m. · 496 views

CVE-2022-22763

CVE-2022-22763 describes a post-shutdown script execution issue in Mozilla Firefox, Thunderbird and Firefox ESR where a worker could run late in the lifecycle after it should be prevented. Affected products: Firefox < 96, Thunderbird < 91.6, Firefox ESR

CVSS 8.8 · AI score 8.3 · EPSS 0.00564
Exploits: 0 · References: 4 · Affected Software: 3

Vulnrichment
added 2022/12/22 12:0 a.m. · 5 views

CVE-2022-34468

An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

AI score 8 · EPSS 0.00937
Exploits: 0 · References: 4

CVE
added 2022/12/22 12:0 a.m. · 194 views

CVE-2022-34475

Mozilla Firefox vulnerability CVE-2022-34475 involves SVG tags referencing a same-origin document that could lead to script execution if attacker input is sanitized via the HTML Sanitizer API. Affected product: Firefox prior to version 102. Root cause: improper handling of in combination with s...

CVSS 6.1 · AI score 6.6 · EPSS 0.00395
Exploits: 0 · References: 2 · Affected Software: 1

Tenable Nessus
added 2022/12/22 12:0 a.m. · 25 views

Fedora 35 : libreoffice (2022-775c747e4a)

The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-775c747e4a advisory. LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command...

CVSS 6.3 · AI score 6.7 · EPSS 0.04354
Exploits: 0 · References: 2

CVE
added 2022/12/22 12:0 a.m. · 158 views

CVE-2022-28284

CVE-2022-28284 affects Mozilla Firefox older than 99. The SVG element could load unexpected content and execute scripts, aligning Gecko with other browsers but diverging from spec-driven security expectations. Impact is high across confidentiality, integrity, and availability. Firefox 99 and lat...

CVSS 8.8 · AI score 8 · EPSS 0.00548
Exploits: 0 · References: 2 · Affected Software: 1

AlpineLinux
added 2022/12/22 12:0 a.m. · 43 views

CVE-2022-29911

An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

CVSS 6.1 · AI score 7.7 · EPSS 0.00561
Exploits: 0

AlpineLinux
added 2022/12/22 12:0 a.m. · 40 views

CVE-2022-34468

An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

CVSS 8.8 · AI score 8.8 · EPSS 0.00937
Exploits: 0

OSV
added 2022/12/21 6:15 p.m. · 5 views

CVE-2022-40841

A cross-site scripting (XSS) vulnerability in NdkAdvancedCustomizationFields v3.5.0 allows attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the "htmlNodes" parameter...

CVSS 6.1 · AI score 5.9 · EPSS 0.00499
Exploits: 1 · References: 2

OSV
added 2022/12/19 11:15 a.m. · 4 views

CVE-2022-42453

There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged in user, with insufficient warnings when attempting to run the script...

CVSS 6.5 · AI score 5.8
Exploits: 0 · References: 1

Cvelist
added 2022/12/17 7:3 p.m. · 21 views

CVE-2022-42453 HCL BigFix Platform is affected by insufficient warnings

There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged in user, with insufficient warnings when attempting to run the script...

CVSS 6.9 · AI score 6.8 · EPSS 0.00267
Exploits: 0 · References: 1

NVD
added 2022/12/15 7:15 p.m. · 14 views

CVE-2022-45033

A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field...

CVSS 5.4 · EPSS 0.00465
Exploits: 1 · References: 1

Positive Technologies
added 2022/12/15 12:0 a.m. · 5 views

PT-2022-27380 · Unknown · Expense Tracker

Name of the Vulnerable Software and Affected Versions: Expense Tracker version 1.0
Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field.
Recommendations: For Expense Tracker version 1.0,...

CVSS 5.4 · AI score 5.4 · EPSS 0.00465
Exploits: 1 · References: 4

Vulnrichment
added 2022/12/15 12:0 a.m. · 5 views

CVE-2022-45033

A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field...

AI score 5.3 · EPSS 0.00465
Exploits: 1 · References: 1

CVE
added 2022/12/15 12:0 a.m. · 52 views

CVE-2022-45033

CVE-2022-45033 refers to an XSS vulnerability in Expense Tracker 1.0 that enables an attacker to inject and execute arbitrary web scripts or HTML via the Chat text field. The root cause is improper input sanitization in the Chat field, enabling script execution in the victim’s browser. Affected s...

CVSS 5.4 · AI score 5.3 · EPSS 0.00465
Exploits: 1 · References: 1 · Affected Software: 1

OSV
added 2022/12/14 3:15 p.m. · 4 views

CVE-2022-31358

A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/...

CVSS 9 · AI score 6 · EPSS 0.01273
Exploits: 1 · References: 4

Japan Vulnerability Notes
added 2022/12/13 5:5 a.m. · 3 views

Redmine vulnerable to cross-site scripting

Overview: Redmine contains a cross-site scripting vulnerability (CWE-79) caused by improper Textile processing. Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impact: An...

CVSS 6.1 · AI score 6 · EPSS 0.00429
Exploits: 0 · References: 7

Cvelist
added 2022/12/13 12:0 a.m. · 19 views

CVE-2022-45028

A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha...

AI score 6 · EPSS 0.00526
Exploits: 1 · References: 2

Positive Technologies
added 2022/12/13 12:0 a.m. · 4 views

PT-2022-6001 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.14 and earlier
Description: The issue is related to a reflected Cross-Site Scripting (XSS) vulnerability. It can be exploited if an attacker convinces a victim to visit a URL referencing a vulnerable page,...

CVSS 5.5 · AI score 5.2 · EPSS 0.0048
Exploits: 0 · References: 5

Vulnrichment
added 2022/12/13 12:0 a.m. · 9 views

CVE-2022-45028

A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha...

AI score 5.9 · EPSS 0.00526
Exploits: 1 · References: 2

OSV
added 2022/12/12 1:15 p.m. · 1 views

CVE-2022-37925

A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim...

CVSS 6.1 · AI score 6
Exploits: 0 · References: 1