Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles.
CWE-79
CVE-2022-35133
A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node.
CVE-2022-35134
Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability.
CVE-2022-35137
DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.
CVE-2022-35144
Renato v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability.
CVE-2022-35151
kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.