• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2022-24399

February 23, 2023 by godfreyd94

The SAP Focused Run (Real User Monitoring) – versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting (XSS) vulnerability.

CVE-2022-24338

February 23, 2023 by

JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.

CVE-2022-24339

February 23, 2023 by

JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.

CVE-2022-24344

February 23, 2023 by

JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page.

CVE-2022-24347

February 23, 2023 by

JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon.

CVE-2022-24349

February 23, 2023 by

An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors – an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim’s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 2041
  • Go to page 2042
  • Go to page 2043
  • Go to page 2044
  • Go to page 2045
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE