# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2022-31624 | 404 | | DoS | 2022-05-25 | 2022-05-28 | 2.1 | None | Local | Low | Not required | None | None | Partial |
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. |
2 | CVE-2022-31623 | 667 | | DoS | 2022-05-25 | 2022-05-28 | 2.1 | None | Local | Low | Not required | None | None | Partial |
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. |
3 | CVE-2022-31622 | 404 | | DoS | 2022-05-25 | 2022-05-28 | 2.1 | None | Local | Low | Not required | None | None | Partial |
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. |
4 | CVE-2022-31621 | 667 | | DoS | 2022-05-25 | 2022-05-28 | 2.1 | None | Local | Low | Not required | None | None | Partial |
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. |
5 | CVE-2022-30970 | 79 | | XSS | 2022-05-17 | 2022-05-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
6 | CVE-2022-30968 | 79 | | XSS | 2022-05-17 | 2022-05-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
7 | CVE-2022-30967 | 79 | | XSS | 2022-05-17 | 2022-05-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
8 | CVE-2022-30966 | 79 | | XSS | 2022-05-17 | 2022-05-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
9 | CVE-2022-30965 | 79 | | XSS | 2022-05-17 | 2022-05-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
10 | CVE-2022-30964 | 79 | | XSS | 2022-05-17 | 2022-05-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape the name and description of Multiselect parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
11 | CVE-2022-30963 | 79 | | XSS | 2022-05-17 | 2022-05-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
12 | CVE-2022-30962 | 79 | | XSS | 2022-05-17 | 2022-05-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Jenkins Global Variable String Parameter Plugin 1.2 and earlier does not escape the name and description of Global Variable String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
13 | CVE-2022-30961 | 79 | | XSS | 2022-05-17 | 2022-05-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
14 | CVE-2022-30960 | 79 | | XSS | 2022-05-17 | 2022-05-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Jenkins Application Detector Plugin 1.0.8 and earlier does not escape the name of Chois Application Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
15 | CVE-2022-30956 | 79 | | XSS | 2022-05-17 | 2022-05-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads. |
16 | CVE-2022-30842 | 79 | | XSS | 2022-05-24 | 2022-05-28 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname. |
17 | CVE-2022-30596 | 79 | | XSS | 2022-05-18 | 2022-05-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. |
18 | CVE-2022-30464 | 79 | | XSS | 2022-05-24 | 2022-05-28 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response. |
19 | CVE-2022-30462 | 79 | | XSS | 2022-05-24 | 2022-05-28 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname. |
20 | CVE-2022-30460 | 79 | | XSS | 2022-05-24 | 2022-05-28 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname. |
21 | CVE-2022-30458 | 79 | | XSS | 2022-05-24 | 2022-05-28 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name. |
22 | CVE-2022-30456 | 79 | | XSS | 2022-05-24 | 2022-05-28 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental. |
23 | CVE-2022-30073 | 79 | | XSS | 2022-05-17 | 2022-05-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php. |
24 | CVE-2022-30072 | 79 | | XSS | 2022-05-17 | 2022-05-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namesection2 parameters. |
25 | CVE-2022-30057 | 79 | | XSS | 2022-05-11 | 2022-05-20 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability. |
26 | CVE-2022-30013 | 79 | | XSS | 2022-05-16 | 2022-05-24 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arbitrary web scripts via a JavaScript embedded PDF file. |
27 | CVE-2022-29976 | 79 | | XSS | 2022-05-11 | 2022-05-17 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0. |
28 | CVE-2022-29975 | 79 | | XSS | 2022-05-11 | 2022-05-17 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
An Authenticated Reflected Cross-site scripting at CC Parameter was discovered in MDaemon before 22.0.0. |
29 | CVE-2022-29940 | 79 | | XSS | 2022-05-05 | 2022-05-12 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities. |
30 | CVE-2022-29939 | 79 | | XSS | 2022-05-05 | 2022-05-12 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities. |
31 | CVE-2022-29868 | 312 | | Bypass | 2022-05-09 | 2022-05-18 | 2.1 | None | Local | Low | Not required | Partial | None | None |
1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used for signing in to 1Password. |
32 | CVE-2022-29820 | 668 | | | 2022-04-28 | 2022-05-05 | 3.3 | None | Local Network | Low | Not required | Partial | None | None |
In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible |
33 | CVE-2022-29818 | 346 | | | 2022-04-28 | 2022-05-05 | 3.6 | None | Local | Low | Not required | Partial | Partial | None |
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed |
34 | CVE-2022-29816 | 74 | | | 2022-04-28 | 2022-05-05 | 2.1 | None | Local | Low | Not required | None | Partial | None |
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible |
35 | CVE-2022-29812 | | | | 2022-04-28 | 2022-05-05 | 2.1 | None | Local | Low | Not required | None | Partial | None |
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient |
36 | CVE-2022-29811 | 79 | | XSS | 2022-04-28 | 2022-05-05 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. |
37 | CVE-2022-29810 | 532 | | | 2022-04-27 | 2022-05-10 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter. |
38 | CVE-2022-29727 | 79 | | XSS | 2022-05-11 | 2022-05-23 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter. |
39 | CVE-2022-29610 | 79 | | XSS | 2022-05-11 | 2022-05-19 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack. |
40 | CVE-2022-29584 | 79 | | XSS | 2022-04-28 | 2022-05-06 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action. |
41 | CVE-2022-29532 | 79 | | XSS | 2022-04-20 | 2022-04-27 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it. |
42 | CVE-2022-29531 | 79 | | XSS | 2022-04-20 | 2022-04-27 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name. |
43 | CVE-2022-29530 | 79 | | XSS | 2022-04-20 | 2022-04-27 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters. |
44 | CVE-2022-29529 | 79 | | XSS | 2022-04-20 | 2022-04-27 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field. |
45 | CVE-2022-29449 | 79 | | XSS | 2022-05-19 | 2022-05-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Opal Hotel Room Booking plugin <= 1.2.7 at WordPress. |
46 | CVE-2022-29444 | 264 | | XSS | 2022-05-02 | 2022-05-09 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack. |
47 | CVE-2022-29433 | 79 | | XSS | 2022-05-13 | 2022-05-23 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Authenticated (contributor or higher role) Cross-Site Scripting (XSS) vulnerability in Donations plugin <= 1.8 on WordPress. |
48 | CVE-2022-29432 | 79 | | XSS | 2022-05-20 | 2022-05-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters. |
49 | CVE-2022-29428 | 79 | | XSS | 2022-05-20 | 2022-05-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Cross-Site Scripting (XSS) vulnerability in Muneeb's WP Slider Plugin <= 1.4.5 at WordPress. |
50 | CVE-2022-29424 | 79 | | XSS | 2022-05-20 | 2022-05-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari's Image Hover Effects Ultimate plugin <= 9.7.1 at WordPress. |