Total: 13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2021-40610 | 1 Emlog Pro Project | 1 Emlog Pro | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM | Emlog Pro v1.0.4 cross-site scripting (XSS) in Emlog Pro background management. |
| CVE-2022-1673 | 1 Greenwallet | 1 Woocommerce Green Wallet Gateway | 2022-06-15 | 4.3 MEDIUM | 6.1 MEDIUM | The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 does not escape the error_envision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability. |
| CVE-2022-1647 | 1 Ncrafts | 1 Formcraft | 2022-06-15 | 3.5 LOW | 4.8 MEDIUM | The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2022-2035 | 1 Ltgplc | 1 Rustici Software Scorm Engine | 2022-06-15 | 4.3 MEDIUM | 6.1 MEDIUM | A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The issue exists because there are no limitations on the domain or format of the URL supplied by the user, allowing an attacker to craft malicious URLs which can trigger a reflected XSS payload in the context of a victim's browser. |
| CVE-2022-2016 | 1 Facturascripts | 1 Facturascripts | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM | Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1. |
| CVE-2022-1569 | 1 Pieforms | 1 Drag & Drop Builder | 2022-06-15 | 3.5 LOW | 4.8 MEDIUM | The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed. |
| CVE-2022-1541 | 1 Richweb | 1 Video Slider | 2022-06-15 | 3.5 LOW | 4.8 MEDIUM | The Video Slider WordPress plugin before 1.4.8 does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. |
| CVE-2022-1469 | 1 Fibosearch | 1 Fibosearch | 2022-06-15 | 3.5 LOW | 4.8 MEDIUM | The FiboSearch WordPress plugin before 1.17.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed. |
| CVE-2022-1506 | 1 Wp Born Babies Project | 1 Wp Born Babies | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM | The WP Born Babies WordPress plugin through 1.0 does not sanitise and escape some of its fields, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. |
| CVE-2022-30899 | 1 Partkeepr | 1 Partkeepr | 2022-06-15 | 3.5 LOW | 4.8 MEDIUM | A Cross Site Scripting vulnerability exists in PartKeepr 1.4.0 via the 'name' field in /api/part_categories. |
| CVE-2022-30875 | 1 Dolibarr | 1 Dolibarr | 2022-06-15 | 4.3 MEDIUM | 6.1 MEDIUM | Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via the SQL Error Page. |
| CVE-2022-1997 | 1 Rosariosis | 1 Rosariosis | 2022-06-14 | 3.5 LOW | 5.4 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. |
| CVE-2022-1597 | 1 2code | 1 Wpqa Builder | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM | The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer, does not sanitise and escape a parameter on its reset password form, which makes it possible to perform Reflected Cross-Site Scripting attacks. |
| CVE-2022-1241 | 1 2code | 1 Ask Me | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM | The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues. |
| CVE-2022-31494 | 1 Librehealth | 1 Librehealth Ehr | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM | LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS. |
| CVE-2020-6220 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2022-06-14 | 2.6 LOW | 4.7 MEDIUM | BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in the victim's session is active. |
| CVE-2022-31493 | 1 Librehealth | 1 Librehealth Ehr | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM | LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. |
| CVE-2022-1991 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2022-06-14 | 3.5 LOW | 4.8 MEDIUM | A vulnerability classified as problematic has been found in Fast Food Ordering System 1.0. Affected is the file Master.php of the Master List. The manipulation of the argument Description with the input `foo "><img src="" onerror="alert(document.cookie)">` leads to cross site scripting. It is possible to launch the attack remotely but it requires authentication. Exploit details have been disclosed to the public. |
| CVE-2022-28479 | 1 Seeddms | 1 Seeddms | 2022-06-14 | 3.5 LOW | 4.8 MEDIUM | SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menu. |
| CVE-2022-31492 | 1 Librehealth | 1 Librehealth Ehr | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM | Cross Site Scripting (XSS) vulnerability in LibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username. |
| CVE-2021-43558 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM | A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk. |
| CVE-2022-31495 | 1 Librehealth | 1 Librehealth Ehr | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM | LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS. |
| CVE-2022-30861 | 1 Fudforum | 1 Fudforum | 2022-06-14 | 3.5 LOW | 4.8 MEDIUM | FUDforum 3.1.2 is vulnerable to Stored XSS via the Forum Name field in the Forum Manager feature. |
| CVE-2021-42245 | 1 Flatcore | 1 Flatcore-cms | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM | FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections. |
| CVE-2022-28051 | 1 Seeddms | 1 Seeddms | 2022-06-13 | 3.5 LOW | 5.4 MEDIUM | The "Add category" functionality inside the "Global Keywords" menu in SeedDMS versions 6.0.18 and 5.1.25 is prone to stored XSS, which allows an attacker to inject malicious JavaScript code. |
| CVE-2022-31498 | 1 Librehealth | 1 Librehealth Ehr | 2022-06-13 | 4.3 MEDIUM | 6.1 MEDIUM | LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS. |
| CVE-2018-1999007 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2022-06-13 | 3.5 LOW | 5.4 MEDIUM | A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in another user's browser when that other user views HTTP 404 error pages while Stapler debug mode is enabled. |
| CVE-2018-1999005 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2022-06-13 | 3.5 LOW | 5.4 MEDIUM | A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. |
| CVE-2022-30863 | 1 Fudforum | 1 Fudforum | 2022-06-13 | 3.5 LOW | 4.8 MEDIUM | FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via the page_title param in Page Manager in the Admin Control Panel. |
| CVE-2019-1003050 | 3 Jenkins, Oracle, Redhat | 3 Jenkins, Communications Cloud Native Core Automated Test Suite, Openshift Container Platform | 2022-06-13 | 3.5 LOW | 5.4 MEDIUM | The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names. |
| CVE-2019-10383 | 3 Jenkins, Oracle, Redhat | 3 Jenkins, Communications Cloud Native Core Automated Test Suite, Openshift Container Platform | 2022-06-13 | 3.5 LOW | 4.8 MEDIUM | A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages. |
| CVE-2022-1940 | 1 Gitlab | 1 Gitlab | 2022-06-13 | 3.5 LOW | 5.4 MEDIUM | A Stored Cross-Site Scripting vulnerability in the Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues. |
| CVE-2022-29770 | 1 Xuxueli | 1 Xxl-job | 2022-06-13 | 3.5 LOW | 5.4 MEDIUM | XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. |
| CVE-2022-26866 | 1 Dell | 1 Powerstoreos | 2022-06-13 | 3.5 LOW | 5.5 MEDIUM | Dell PowerStore versions before v2.1.1.0 contain a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript code in a trusted application data store. When a victim user accesses the data store through their browser, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. |
| CVE-2022-30596 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2022-06-13 | 3.5 LOW | 5.4 MEDIUM | A flaw was found in Moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. |
| CVE-2022-29710 | 1 Limesurvey | 1 Limesurvey | 2022-06-13 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin. |
| CVE-2021-25086 | 1 Advanced Page Visit Counter Project | 1 Advanced Page Visit Counter | 2022-06-13 | 4.3 MEDIUM | 6.1 MEDIUM | The Advanced Page Visit Counter WordPress plugin before 6.1.2 does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing it. |
| CVE-2022-30429 | 1 Neos | 1 Neos Cms | 2022-06-13 | 3.5 LOW | 5.4 MEDIUM | Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also be present in all intermediate versions. |
| CVE-2022-1988 | 1 Facturascripts | 1 Facturascripts | 2022-06-12 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09. |
| CVE-2022-1980 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-11 | N/A | N/A | A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been rated as problematic. This issue affects the file /admin/?page=system_info/contact_info. The manipulation of the textbox Telephone with the input `<script>alert(1)</script>` leads to cross site scripting. The attack may be initiated remotely but requires authentication. Exploit details have been disclosed to the public. |
| CVE-2020-36527 | 1 Aptis-solutions | 1 Server Status | 2022-06-11 | 3.5 LOW | 5.4 MEDIUM | A vulnerability, which was classified as problematic, has been found in Server Status. This issue affects some unknown processing of the component HTTP Status/SMTP Status. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2020-36526 | 1 Akeles | 1 Countdown Timer | 2022-06-11 | 3.5 LOW | 5.4 MEDIUM | A vulnerability classified as problematic was found in Countdown Timer. This vulnerability affects unknown code of the component Macro Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2020-36525 | 1 Servicerocket | 1 Linking | 2022-06-11 | 3.5 LOW | 5.4 MEDIUM | A vulnerability classified as problematic has been found in Linking. This affects an unknown part of the component New Windows Macro. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2020-36524 | 1 Refined | 1 Refined Toolkit | 2022-06-11 | 3.5 LOW | 5.4 MEDIUM | A vulnerability was found in Refined Toolkit. It has been rated as problematic. Affected by this issue is some unknown functionality of the component UI-Image/UI-Button. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2020-36523 | 1 Avono | 1 Plantuml | 2022-06-11 | 3.5 LOW | 5.4 MEDIUM | A vulnerability was found in PlantUML 6.43. It has been declared as problematic. Affected by this vulnerability is the component Database Information Macro. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2022-26497 | 1 Bigbluebutton | 1 Greenlight | 2022-06-11 | 3.5 LOW | 5.4 MEDIUM | BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dialog if the victim has shared access to the particular room with the attacker previously. |
| CVE-2021-38221 | 1 Bbs-go Project | 1 Bbs-go | 2022-06-10 | 3.5 LOW | 5.4 MEDIUM | bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS. |
| CVE-2022-30514 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2022-06-10 | 4.3 MEDIUM | 6.1 MEDIUM | School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126. |
| CVE-2022-30513 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2022-06-10 | 4.3 MEDIUM | 6.1 MEDIUM | School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125. |
| CVE-2022-30482 | 1 Ecommerce-project-with-php-and-mysqli-fruits-bazar Project | 1 Ecommerce-project-with-php-and-mysqli-fruits-bazar | 2022-06-10 | 3.5 LOW | 4.8 MEDIUM | Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \admin\add_cata.php via the ctg_name parameter. |
