Search Results (364725 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-37257 1 Stealjs 1 Steal 2024-11-21 9.8 Critical
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js.
CVE-2022-37254 1 Dolphinphp Project 1 Dolphinphp 2024-11-21 5.4 Medium
DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background - > System - > system function - > configuration management.
CVE-2022-37253 1 Crime Reporting System Project 1 Crime Reporting System 2024-11-21 5.4 Medium
Persistent cross-site scripting (XSS) in Crime Reporting System 1.0 allows a remote attacker to introduce arbitary Javascript via manipulation of an unsanitized POST parameter
CVE-2022-37251 1 Craftcms 1 Craft Cms 2024-11-21 5.4 Medium
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.
CVE-2022-37248 1 Craftcms 1 Craft Cms 2024-11-21 5.4 Medium
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php.
CVE-2022-37247 1 Craftcms 1 Craft Cms 2024-11-21 5.4 Medium
Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) via /admin/settings/fields page.
CVE-2022-37245 1 Altn 1 Security Gateway For Email Servers 2024-11-21 5.4 Medium
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint.
CVE-2022-37244 1 Altn 1 Security Gateway For Email Servers 2024-11-21 5.4 Medium
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. after login leads to inject malicious tag leads to IFRAME injection.
CVE-2022-37243 1 Altn 1 Security Gateway For Email Servers 2024-11-21 5.4 Medium
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint.
CVE-2022-37242 1 Altn 1 Security Gateway For Email Servers 2024-11-21 9.8 Critical
MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter.
CVE-2022-37241 1 Altn 1 Security Gateway For Email Servers 2024-11-21 5.4 Medium
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint.
CVE-2022-37240 1 Altn 1 Security Gateway For Email Servers 2024-11-21 9.8 Critical
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter.
CVE-2022-37239 1 Altn 1 Security Gateway For Email Servers 2024-11-21 5.4 Medium
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint.
CVE-2022-37238 1 Altn 1 Security Gateway For Email Servers 2024-11-21 5.4 Medium
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter.
CVE-2022-37237 1 Zlmediakit 1 Zlmediakit 2024-11-21 7.5 High
An attacker can send malicious RTMP requests to make the ZLMediaKit server crash remotely. Affected version is below commit 7d8b212a3c3368bc2f6507cb74664fc419eb9327.
CVE-2022-37223 1 Jflyfox 1 Jfinal Cms 2024-11-21 9.8 Critical
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.
CVE-2022-37207 1 Jflyfox 1 Jfinal Cms 2024-11-21 8.8 High
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection
CVE-2022-37203 1 Jflyfox 1 Jfinal Cms 2024-11-21 9.8 Critical
JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
CVE-2022-37201 1 Jflyfox 1 Jfinal Cms 2024-11-21 8.8 High
JFinal CMS 5.1.0 is vulnerable to SQL Injection.
CVE-2022-37199 1 Jflyfox 1 Jfinal Cms 2024-11-21 9.8 Critical
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.