CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 1 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-31624 404 DoS 2022-05-25 2022-05-28
2.1
None Local Low Not required None None Partial
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
2 CVE-2022-31623 667 DoS 2022-05-25 2022-05-28
2.1
None Local Low Not required None None Partial
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
3 CVE-2022-31622 404 DoS 2022-05-25 2022-05-28
2.1
None Local Low Not required None None Partial
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
4 CVE-2022-31621 667 DoS 2022-05-25 2022-05-28
2.1
None Local Low Not required None None Partial
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
5 CVE-2022-30970 79 XSS 2022-05-17 2022-05-25
3.5
None Remote Medium ??? None Partial None
Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
6 CVE-2022-30968 79 XSS 2022-05-17 2022-05-25
3.5
None Remote Medium ??? None Partial None
Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
7 CVE-2022-30967 79 XSS 2022-05-17 2022-05-25
3.5
None Remote Medium ??? None Partial None
Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
8 CVE-2022-30966 79 XSS 2022-05-17 2022-05-25
3.5
None Remote Medium ??? None Partial None
Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
9 CVE-2022-30965 79 XSS 2022-05-17 2022-05-25
3.5
None Remote Medium ??? None Partial None
Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
10 CVE-2022-30964 79 XSS 2022-05-17 2022-05-25
3.5
None Remote Medium ??? None Partial None
Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape the name and description of Multiselect parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
11 CVE-2022-30963 79 XSS 2022-05-17 2022-05-25
3.5
None Remote Medium ??? None Partial None
Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
12 CVE-2022-30962 79 XSS 2022-05-17 2022-05-25
3.5
None Remote Medium ??? None Partial None
Jenkins Global Variable String Parameter Plugin 1.2 and earlier does not escape the name and description of Global Variable String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
13 CVE-2022-30961 79 XSS 2022-05-17 2022-05-25
3.5
None Remote Medium ??? None Partial None
Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
14 CVE-2022-30960 79 XSS 2022-05-17 2022-05-25
3.5
None Remote Medium ??? None Partial None
Jenkins Application Detector Plugin 1.0.8 and earlier does not escape the name of Chois Application Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
15 CVE-2022-30956 79 XSS 2022-05-17 2022-05-26
3.5
None Remote Medium ??? None Partial None
Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads.
16 CVE-2022-30842 79 XSS 2022-05-24 2022-05-28
3.5
None Remote Medium ??? None Partial None
Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname.
17 CVE-2022-30596 79 XSS 2022-05-18 2022-05-26
3.5
None Remote Medium ??? None Partial None
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.
18 CVE-2022-30464 79 XSS 2022-05-24 2022-05-28
3.5
None Remote Medium ??? None Partial None
ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response.
19 CVE-2022-30462 79 XSS 2022-05-24 2022-05-28
3.5
None Remote Medium ??? None Partial None
Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname.
20 CVE-2022-30460 79 XSS 2022-05-24 2022-05-28
3.5
None Remote Medium ??? None Partial None
Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname.
21 CVE-2022-30458 79 XSS 2022-05-24 2022-05-28
3.5
None Remote Medium ??? None Partial None
Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name.
22 CVE-2022-30456 79 XSS 2022-05-24 2022-05-28
3.5
None Remote Medium ??? None Partial None
Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental.
23 CVE-2022-30073 79 XSS 2022-05-17 2022-05-26
3.5
None Remote Medium ??? None Partial None
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php.
24 CVE-2022-30072 79 XSS 2022-05-17 2022-05-25
3.5
None Remote Medium ??? None Partial None
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namesection2 parameters.
25 CVE-2022-30057 79 XSS 2022-05-11 2022-05-20
3.5
None Remote Medium ??? None Partial None
Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability.
26 CVE-2022-30013 79 XSS 2022-05-16 2022-05-24
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arbitrary web scripts via a JavaScript embedded PDF file.
27 CVE-2022-29976 79 XSS 2022-05-11 2022-05-17
3.5
None Remote Medium ??? None Partial None
An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0 .
28 CVE-2022-29975 79 XSS 2022-05-11 2022-05-17
3.5
None Remote Medium ??? None Partial None
An Authenticated Reflected Cross-site scripting at CC Parameter was discovered in MDaemon before 22.0.0 .
29 CVE-2022-29973 770 +Info 2022-05-02 2022-05-11
1.9
None Local Medium Not required Partial None None
relan exFAT 1.3.0 allows local users to obtain sensitive information (data from deleted files in the filesystem) in certain situations involving offsets beyond ValidDataLength.
30 CVE-2022-29940 79 XSS 2022-05-05 2022-05-12
3.5
None Remote Medium ??? None Partial None
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities.
31 CVE-2022-29939 79 XSS 2022-05-05 2022-05-12
3.5
None Remote Medium ??? None Partial None
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.
32 CVE-2022-29868 312 Bypass 2022-05-09 2022-05-18
2.1
None Local Low Not required Partial None None
1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used for signing in to 1Password.
33 CVE-2022-29820 668 2022-04-28 2022-05-05
3.3
None Local Network Low Not required Partial None None
In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible
34 CVE-2022-29818 346 2022-04-28 2022-05-05
3.6
None Local Low Not required Partial Partial None
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed
35 CVE-2022-29816 74 2022-04-28 2022-05-05
2.1
None Local Low Not required None Partial None
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible
36 CVE-2022-29812 2022-04-28 2022-05-05
2.1
None Local Low Not required None Partial None
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient
37 CVE-2022-29811 79 XSS 2022-04-28 2022-05-05
3.5
None Remote Medium ??? None Partial None
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.
38 CVE-2022-29810 532 2022-04-27 2022-05-10
2.1
None Local Low Not required Partial None None
The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.
39 CVE-2022-29727 79 XSS 2022-05-11 2022-05-23
3.5
None Remote Medium ??? None Partial None
Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter.
40 CVE-2022-29610 79 XSS 2022-05-11 2022-05-19
3.5
None Remote Medium ??? None Partial None
SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack.
41 CVE-2022-29584 79 XSS 2022-04-28 2022-05-06
3.5
None Remote Medium ??? None Partial None
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action.
42 CVE-2022-29532 79 XSS 2022-04-20 2022-04-27
3.5
None Remote Medium ??? None Partial None
An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it.
43 CVE-2022-29531 79 XSS 2022-04-20 2022-04-27
3.5
None Remote Medium ??? None Partial None
An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name.
44 CVE-2022-29530 79 XSS 2022-04-20 2022-04-27
3.5
None Remote Medium ??? None Partial None
An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters.
45 CVE-2022-29529 79 XSS 2022-04-20 2022-04-27
3.5
None Remote Medium ??? None Partial None
An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field.
46 CVE-2022-29449 79 XSS 2022-05-19 2022-05-25
3.5
None Remote Medium ??? None Partial None
Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Opal Hotel Room Booking plugin <= 1.2.7 at WordPress.
47 CVE-2022-29444 264 XSS 2022-05-02 2022-05-09
3.5
None Remote Medium ??? None Partial None
Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack.
48 CVE-2022-29433 79 XSS 2022-05-13 2022-05-23
3.5
None Remote Medium ??? None Partial None
Authenticated (contributor or higher role) Cross-Site Scripting (XSS) vulnerability in Donations plugin <= 1.8 on WordPress.
49 CVE-2022-29432 79 XSS 2022-05-20 2022-05-26
3.5
None Remote Medium ??? None Partial None
Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters.
50 CVE-2022-29428 79 XSS 2022-05-20 2022-05-26
3.5
None Remote Medium ??? None Partial None
Cross-Site Scripting (XSS) vulnerability in Muneeb's WP Slider Plugin <= 1.4.5 at WordPress.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.