CVE-2022-22436
IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224164.
Source: CVE-2022-22436
CVE-2022-22435
IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Source: CVE-2022-22435
CVE-2021-41162
Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the `ajax.render.php?operation=wizard_helper` page did not properly escape the user supplied parameters, allowing for a cross site scripting attack vector. Users are advised to upgrade. There are no known workarounds for this issue.
Source: CVE-2021-41162
CVE-2021-41161
Combodo iTop is a web based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page don’t properly escape the user supplied parameters, allowing for javascript injection into rendered csv files. Users are advised to upgrade. There are no known workarounds for this issue.
Source: CVE-2021-41161
CVE-2022-0272
Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0.
Source: CVE-2022-0272
CVE-2022-1022
Cross-site Scripting (XSS) – Stored in GitHub repository chatwoot/chatwoot prior to 2.5.0.
Source: CVE-2022-1022
CVE-2022-24272
An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 versions, prior to and including v5.0.6.
Source: CVE-2022-24272
CVE-2022-1420
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
Source: CVE-2022-1420
CVE-2022-27237
There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install G Web Development 2022 R1 or later, or install Static Test Software Suite version 1.2 or later.
Source: CVE-2022-27237
CVE-2022-29498
Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run.
Source: CVE-2022-29498