Search
Total
13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-20092 | 1 Yoast | 1 Google Analytics Dashboard | 2022-06-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in Google Analytics Dashboard Plugin 2.1.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely. | |||||
| CVE-2022-1266 | 1 Wpwax | 1 Post Grid\, Slider \& Carousel Ultimate | 2022-06-30 | 3.5 LOW | 4.8 MEDIUM |
| The Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5.0 does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2017-20094 | 1 Newstatpress Project | 1 Newstatpress | 2022-06-30 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in NewStatPress Plugin 1.2.4. This issue affects some unknown processing. The manipulation leads to basic cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 1.2.5 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20097 | 1 Wp-filebase Download Manager Project | 1 Wp-filebase Download Manager | 2022-06-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in WP-Filebase Download Manager Plugin 3.4.4. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. | |||||
| CVE-2020-5298 | 1 Octobercms | 1 October | 2022-06-30 | 3.5 LOW | 4.8 MEDIUM |
| In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the `ImportExportController` behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a reflected XSS attack on the user in question Issue has been patched in Build 466 (v1.0.466). | |||||
| CVE-2021-25088 | 1 Google Xml Sitemaps Project | 1 Google Xml Sitemaps | 2022-06-30 | 3.5 LOW | 4.8 MEDIUM |
| The XML Sitemaps WordPress plugin before 4.1.3 does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2021-25104 | 1 Oceanwp | 1 Ocean Extra | 2022-06-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ocean Extra WordPress plugin before 1.9.5 does not escape generated links which are then used when the OceanWP is active, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2022-34189 | 1 Jenkins | 1 Image Tag Parameter | 2022-06-30 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34188 | 1 Jenkins | 1 Hidden Parameter | 2022-06-30 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34187 | 1 Jenkins | 1 Filesystem List Parameter | 2022-06-30 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34186 | 1 Jenkins | 1 Dynamic Extended Choice Parameter | 2022-06-30 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34185 | 1 Jenkins | 1 Date Parameter | 2022-06-30 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34184 | 1 Jenkins | 1 Crx Content Package Deployer | 2022-06-30 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34171 | 1 Jenkins | 1 Jenkins | 2022-06-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping, resulting in a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2022-34172 | 1 Jenkins | 1 Jenkins | 2022-06-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2022-34170 | 1 Jenkins | 1 Jenkins | 2022-06-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2022-34173 | 1 Jenkins | 1 Jenkins | 2022-06-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2017-20096 | 1 Wp-spamfree Anti-spam Project | 1 Wp-spamfree Anti-spam | 2022-06-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in WP-SpamFree Anti-Spam Plugin 2.1.1.4. This affects an unknown part. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. | |||||
| CVE-2022-32987 | 1 Simple Bakery Shop Management System Project | 1 Simple Bakery Shop Management System | 2022-06-29 | 3.5 LOW | 4.8 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=manage_account of Simple Bakery Shop Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username or Full Name fields. | |||||
| CVE-2022-34328 | 1 Pmb Project | 1 Pmb | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php. | |||||
| CVE-2017-20089 | 1 Gwolle Guestbook Project | 1 Gwolle Guestbook | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in Gwolle Guestbook Plugin 1.7.4. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. | |||||
| CVE-2020-13562 | 2 Open-emr, Phpgacl Project | 2 Openemr, Phpgacl | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnaerability in the phpGACL template action parameter. | |||||
| CVE-2020-27982 | 1 Icewarp | 1 Mail Server | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| IceWarp 11.4.5.0 allows XSS via the language parameter. | |||||
| CVE-2020-28034 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress before 5.5.2 allows XSS associated with global variables. | |||||
| CVE-2020-28038 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress before 5.5.2 allows stored XSS via post slugs. | |||||
| CVE-2022-34194 | 1 Jenkins | 1 Readonly Parameter | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34193 | 1 Jenkins | 1 Package Version | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34192 | 1 Jenkins | 1 Ontrack | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34191 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34190 | 1 Jenkins | 1 Maven Metadata | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2017-20087 | 1 Thealpinepress | 1 Alpine-photo-tile-for-instagram | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Alpine PhotoTile for Instagram Plugin 1.2.7.7. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. | |||||
| CVE-2022-34176 | 1 Jenkins | 1 Junit | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. | |||||
| CVE-2017-20085 | 1 Bytesforall | 1 Atahualpa | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability has been found in Atahualpa Theme and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely. | |||||
| CVE-2022-34183 | 1 Jenkins | 1 Agent Server Parameter | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34182 | 1 Jenkins | 1 Nested View | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability. | |||||
| CVE-2021-29055 | 1 School File Management System Project | 1 School File Management System | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Firtstname parameter to the Update Account form in student_profile.php. | |||||
| CVE-2021-46824 | 1 School File Management System Project | 1 School File Management System | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php. | |||||
| CVE-2022-34178 | 1 Jenkins | 1 Embeddable Build Status | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting (XSS) vulnerability. | |||||
| CVE-2021-41432 | 1 Flatpress | 1 Flatpress | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content. | |||||
| CVE-2022-23077 | 1 Habitica | 1 Habitica | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| In habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM XSS via the login page. | |||||
| CVE-2022-33113 | 1 Jflyfox | 1 Jfinal Cms | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module. | |||||
| CVE-2022-30874 | 1 Nukeviet | 1 Nukeviet | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM |
| There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02. | |||||
| CVE-2022-33119 | 1 Nuuo | 2 Nvrsolo, Nvrsolo Firmware | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php. | |||||
| CVE-2022-32125 | 1 74cms | 1 74cmsse | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /job. | |||||
| CVE-2022-32124 | 1 74cms | 1 74cmsse | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /index/jobfairol/show/. | |||||
| CVE-2022-32128 | 1 74cms | 1 74cmsse | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/service/increment/add/im. | |||||
| CVE-2022-32126 | 1 74cms | 1 74cmsse | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company. | |||||
| CVE-2022-32127 | 1 74cms | 1 74cmsse | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/view_be_browsed/total. | |||||
| CVE-2022-32130 | 1 74cms | 1 74cmsse | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/down_resume/total/nature. | |||||
| CVE-2022-32131 | 1 74cms | 1 74cmsse | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /index/notice/show. | |||||