Total: 13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-25034 | 1 Technicolor | 2 Thomson Tcw710, Thomson Tcw710 Firmware | 2022-06-21 | 3.5 LOW | 5.4 MEDIUM | A vulnerability, which was classified as problematic, has been found in Thomson TCW710 ST5D.10.05. This issue affects some unknown processing of the file /goform/wlanPrimaryNetwork. The manipulation of the argument ServiceSetIdentifier with the input `><script>alert(1)</script>` as part of a POST request leads to cross site scripting (Persistent). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2022-0388 | 1 Humananatomyillustrations | 1 Interactive Medical Drawing Of Human Body | 2022-06-20 | 3.5 LOW | 4.8 MEDIUM | The Interactive Medical Drawing of Human Body WordPress plugin before 2.6 does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2022-0626 | 1 Kuroit | 1 Advanced Admin Search | 2022-06-20 | 4.3 MEDIUM | 6.1 MEDIUM | The Advanced Admin Search WordPress plugin before 1.1.6 does not sanitize and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting. |
| CVE-2022-31400 | 1 Helpdeskz | 1 Helpdeskz | 2022-06-18 | 3.5 LOW | 4.8 MEDIUM | A cross-site scripting (XSS) vulnerability in /staff/setup/email-addresses of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. |
| CVE-2022-1549 | 1 Wp Athletics Project | 1 Wp Athletics | 2022-06-18 | 3.5 LOW | 5.4 MEDIUM | The WP Athletics WordPress plugin through 1.1.7 does not sanitize parameters before storing them in the database, nor does it escape the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability. |
| CVE-2022-1604 | 1 Mailerlite | 1 Mailerlite Signup Forms | 2022-06-17 | 4.3 MEDIUM | 6.1 MEDIUM | The MailerLite WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. |
| CVE-2022-1707 | 1 Gtm4wp | 1 Google Tag Manager | 2022-06-17 | 4.3 MEDIUM | 6.1 MEDIUM | The Google Tag Manager for WordPress plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the s parameter due to the site search populating into the data layer of sites with insufficient sanitization in versions up to and including 1.15. The affected file is ~/public/frontend.php and this could be exploited by unauthenticated attackers. |
| CVE-2022-1710 | 1 Dwbooster | 1 Appointment Hour Booking | 2022-06-17 | 3.5 LOW | 4.8 MEDIUM | The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2022-1724 | 1 Simple-membership-plugin | 1 Simple Membership | 2022-06-17 | 4.3 MEDIUM | 6.1 MEDIUM | The Simple Membership WordPress plugin before 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting. |
| CVE-2022-1532 | 1 Themify | 1 Woocommerce Product Filter | 2022-06-17 | 4.3 MEDIUM | 6.1 MEDIUM | Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting. |
| CVE-2022-1335 | 1 Ceikay | 1 Slideshow Ck | 2022-06-17 | 3.5 LOW | 4.8 MEDIUM | The Slideshow CK WordPress plugin before 1.4.10 does not sanitize and escape Slide descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed. |
| CVE-2022-1336 | 1 Ceikay | 1 Carousel Ck | 2022-06-17 | 3.5 LOW | 4.8 MEDIUM | The Carousel CK WordPress plugin through 1.1.0 does not sanitize and escape Slide descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed. |
| CVE-2021-40902 | 1 Flatcore | 1 Flatcore-cms | 2022-06-17 | 3.5 LOW | 5.4 MEDIUM | flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) in the "Create New Page" option through the index page. |
| CVE-2022-31038 | 1 Gogs | 1 Gogs | 2022-06-17 | 3.5 LOW | 5.4 MEDIUM | Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters. |
| CVE-2022-24876 | 1 Glpi-project | 1 Glpi | 2022-06-17 | 3.5 LOW | 5.4 MEDIUM | GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Kanban is a GLPI view to display Projects, Tickets, Changes or Problems on a task board. In versions prior to 10.0.1 a user can exploit a cross site scripting vulnerability in Kanban by injecting HTML code in its user name. Users are advised to upgrade. There are no known workarounds for this issue. |
| CVE-2022-2060 | 1 Dolibarr | 1 Dolibarr | 2022-06-17 | 3.5 LOW | 5.4 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0. |
| CVE-2017-20027 | 1 Humhub | 1 Humhub | 2022-06-17 | 4.3 MEDIUM | 6.1 MEDIUM | A vulnerability was found in HumHub up to 1.0.1 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component. |
| CVE-2017-20026 | 1 Humhub | 1 Humhub | 2022-06-17 | 4.3 MEDIUM | 6.1 MEDIUM | A vulnerability has been found in HumHub up to 1.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting (Reflected). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component. |
| CVE-2021-41750 | 1 Nystudio107 | 1 Seomatic | 2022-06-17 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with the url parameter containing the base64 encoded URL of a malicious web page / file and the fileName parameter containing an arbitrary filename with the intended content-type to be rendered in the user's browser as the extension. |
| CVE-2017-20043 | 1 Navetti | 1 Pricepoint | 2022-06-17 | 3.5 LOW | 5.4 MEDIUM | A vulnerability was found in Navetti PricePoint 4.6.0.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting (Persistent). The attack may be launched remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component. |
| CVE-2017-20044 | 1 Navetti | 1 Pricepoint | 2022-06-17 | 3.5 LOW | 5.4 MEDIUM | A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to basic cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component. |
| CVE-2022-27231 | 1 Veronalabs | 1 Wp Statistics | 2022-06-17 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product. |
| CVE-2021-41502 | 1 Intelliants | 1 Subrion Cms | 2022-06-17 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in Subrion CMS v4.2.1. There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute. |
| CVE-2020-36544 | 1 Sialweb | 1 Sialweb Cms | 2022-06-17 | 3.5 LOW | 5.4 MEDIUM | A vulnerability has been found in SialWeb CMS and classified as problematic. This vulnerability affects unknown code of the component Search Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2022-31402 | 1 Combodo | 1 Itop | 2022-06-17 | 4.3 MEDIUM | 6.1 MEDIUM | ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php. |
| CVE-2022-30611 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2022-06-17 | 3.5 LOW | 5.4 MEDIUM | IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 227364. |
| CVE-2017-20033 | 1 Phplist | 1 Phplist | 2022-06-17 | 4.3 MEDIUM | 6.1 MEDIUM | A vulnerability classified as problematic has been found in PHPList 3.2.6. This affects an unknown part of the file /lists/admin/. The manipulation of the argument page with the input `send\'\";><script>alert(8)</script>` leads to cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
| CVE-2017-20034 | 1 Phplist | 1 Phplist | 2022-06-17 | 3.5 LOW | 5.4 MEDIUM | A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting (Persistent). The attack can be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
| CVE-2017-20035 | 1 Phplist | 1 Phplist | 2022-06-17 | 3.5 LOW | 5.4 MEDIUM | A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
| CVE-2017-20036 | 1 Phplist | 1 Phplist | 2022-06-17 | 3.5 LOW | 5.4 MEDIUM | A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cross site scripting (Persistent). It is possible to launch the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
| CVE-2022-1005 | 1 Veronalabs | 1 Wp Statistics | 2022-06-17 | 4.3 MEDIUM | 6.1 MEDIUM | The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters. |
| CVE-2022-1394 | 1 10web | 1 Photo Gallery | 2022-06-17 | 3.5 LOW | 4.8 MEDIUM | The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed. |
| CVE-2021-38267 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2022-06-16 | 3.5 LOW | 5.4 MEDIUM | Cross-site scripting (XSS) vulnerability in the Blogs module's edit blog entry page in Liferay Portal 7.3.2 through 7.3.6, and Liferay DXP 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_blogs_web_portlet_BlogsAdminPortlet_title and _com_liferay_blogs_web_portlet_BlogsAdminPortlet_subtitle parameters. |
| CVE-2019-25070 | 1 Wolfcms | 1 Wolf Cms | 2022-06-16 | 4.3 MEDIUM | 6.1 MEDIUM | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1. It has been rated as problematic. This issue affects some unknown processing of the file /wolfcms/?/admin/user/add of the component User Add. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| CVE-2018-5280 | 1 Sonicwall | 8 Nsa 250m, Nsa 2600, Nsa 2650 and 5 more | 2022-06-16 | 3.5 LOW | 5.4 MEDIUM | SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens. |
| CVE-2018-5281 | 1 Sonicwall | 8 Nsa 250m, Nsa 2600, Nsa 2650 and 5 more | 2022-06-16 | 3.5 LOW | 5.4 MEDIUM | SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens. |
| CVE-2022-31470 | 1 Axigen | 1 Axigen Mobile Webmail | 2022-06-16 | 4.3 MEDIUM | 6.1 MEDIUM | An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary JavaScript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content. |
| CVE-2022-2022 | 1 Xgenecloud | 1 Nocodb | 2022-06-16 | 3.5 LOW | 5.4 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7. |
| CVE-2022-31497 | 1 Librehealth | 1 Librehealth Ehr | 2022-06-16 | 4.3 MEDIUM | 6.1 MEDIUM | LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS. |
| CVE-2021-23648 | 2 Fedoraproject, Paypal | 2 Fedora, Braintree/sanitize-url | 2022-06-15 | 4.3 MEDIUM | 6.1 MEDIUM | The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in the sanitizeUrl function. |
| CVE-2022-2015 | 1 Diagrams | 1 Drawio | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2. |
| CVE-2022-2026 | 1 Kromit | 1 Titra | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0. |
| CVE-2021-44266 | 1 Gunet | 1 Open Eclass Platform | 2022-06-15 | 4.3 MEDIUM | 6.1 MEDIUM | GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter. |
| CVE-2022-2029 | 1 Kromit | 1 Titra | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM | Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0. |
| CVE-2022-31398 | 1 Helpdeskz | 1 Helpdeskz | 2022-06-15 | 3.5 LOW | 4.8 MEDIUM | A cross-site scripting (XSS) vulnerability in /staff/tools/custom-fields of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. |
| CVE-2022-2036 | 1 Rosariosis | 1 Rosariosis | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. |
| CVE-2022-2028 | 1 Kromit | 1 Titra | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM | Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0. |
| CVE-2022-32195 | 1 Edx | 1 Open Edx | 2022-06-15 | 4.3 MEDIUM | 6.1 MEDIUM | Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL. |
| CVE-2022-2020 | 1 Prison Management System Project | 1 Prison Management System | 2022-06-15 | 3.5 LOW | 4.8 MEDIUM | A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input `<img src="" onerror="alert(1)">` leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2022-29296 | 1 Avantune | 1 Genialcloud Proj | 2022-06-15 | 4.3 MEDIUM | 6.1 MEDIUM | A reflected cross-site scripting (XSS) vulnerability in the login portal of Avantune Genialcloud ProJ - 10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
