Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31873 | 1 Trendnet | 2 Tv-ip110wn, Tv-ip110wn Firmware | 2022-06-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix parameter in /admin/general.cgi. | |||||
| CVE-2022-2113 | 1 Inventree | 1 Inventree | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.7.2. | |||||
| CVE-2021-45026 | 1 Rocketsoftware | 1 Ags-zena | 2022-06-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2022-29548 | 1 Wso2 | 9 Api Manager, Api Manager Analytics, Api Microgateway and 6 more | 2022-06-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0. | |||||
| CVE-2022-30326 | 1 Trendnet | 2 Tew-831dr, Tew-831dr Firmware | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS payload to crash the basic.config page of the web interface. | |||||
| CVE-2022-31299 | 1 Angtech | 1 Haraj | 2022-06-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Haraj v3.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the User Upgrade Form. | |||||
| CVE-2022-31734 | 1 Cisco | 4 Ws-c2940-8tf-s, Ws-c2940-8tf-s Firmware, Ws-c2940-8tt-s and 1 more | 2022-06-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** Unsupported When Assigned ** Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the web browser of the user who is using the product. The affected firmware is prior to 12.2(50)SY released in 2011, and Cisco Catalyst 2940 Series Switches have been retired since January 2015. | |||||
| CVE-2022-25772 | 1 Acquia | 1 Mautic | 2022-06-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript | |||||
| CVE-2021-33295 | 1 Joplin Project | 1 Joplin | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute arbitrary code due to improper sanitizing of HTML. | |||||
| CVE-2021-36608 | 1 Webtareas Project | 1 Webtareas | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /projects/editproject.php. | |||||
| CVE-2021-36609 | 1 Webtareas Project | 1 Webtareas | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php. | |||||
| CVE-2021-36827 | 1 Ninjaforms | 1 Ninja Forms | 2022-06-27 | 3.5 LOW | 4.8 MEDIUM |
| Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via "label". | |||||
| CVE-2022-31301 | 1 Angtech | 1 Haraj | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| Haraj v3.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Post Ads component. | |||||
| CVE-2021-41420 | 1 Maianmedia | 1 Maianaffiliate | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to execute arbitrary JavaScript code in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel. | |||||
| CVE-2022-31300 | 1 Angtech | 1 Haraj | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | |||||
| CVE-2022-31298 | 1 Angtech | 1 Haraj | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | |||||
| CVE-2021-41663 | 1 1234n | 1 Minicms | 2022-06-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11. The vulnerability exists in the article upload: post-edit.php page. | |||||
| CVE-2022-29455 | 1 Elementor | 1 Website Builder | 2022-06-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions. | |||||
| CVE-2016-1229 | 1 Humhub | 1 Humhub | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2022-30533 | 1 Webnus | 1 Modern Events Calendar Lite | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2022-31906 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2022-06-27 | 3.5 LOW | 4.8 MEDIUM |
| Online Fire Reporting System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ofrs/classes/Master.php. | |||||
| CVE-2022-31910 | 1 Online Tutor Portal Site Project | 1 Online Tutor Portal Site | 2022-06-27 | 3.5 LOW | 4.8 MEDIUM |
| Online Tutor Portal Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /otps/classes/Master.php. | |||||
| CVE-2022-31913 | 1 Online Discussion Forum Site Project | 1 Online Discussion Forum Site | 2022-06-27 | 3.5 LOW | 4.8 MEDIUM |
| Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /odfs/classes/Master.php?f=save_category, name. | |||||
| CVE-2022-29442 | 1 Private Messages Project | 1 Private Messages | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| Authenticated (subscriber or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Messages For WordPress <= 2.1.10 at WordPress. | |||||
| CVE-2022-29440 | 1 Promotion Slider Project | 1 Promotion Slider | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Promotion Slider plugin <= 3.3.4 at WordPress. | |||||
| CVE-2022-28202 | 1 Mediawiki | 1 Mediawiki | 2022-06-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete. | |||||
| CVE-2022-21938 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2022-06-24 | 3.5 LOW | 5.4 MEDIUM |
| Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the MUI Graphics web interface. | |||||
| CVE-2022-21937 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2022-06-24 | 2.1 LOW | 5.4 MEDIUM |
| Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the web interface. | |||||
| CVE-2017-20047 | 1 Axis | 12 M3005, M3005 Firmware, M3007 and 9 more | 2022-06-24 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | |||||
| CVE-2022-29452 | 1 Atlasgondal | 1 Export All Urls | 2022-06-24 | 3.5 LOW | 4.8 MEDIUM |
| Authenticated (editor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Export All URLs plugin <= 4.1 at WordPress. | |||||
| CVE-2022-32280 | 1 Xakuro | 1 Xo Slider | 2022-06-24 | 3.5 LOW | 5.4 MEDIUM |
| Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Xakuro's XO Slider plugin <= 3.3.2 at WordPress. | |||||
| CVE-2022-28612 | 1 Custom Popup Builder Project | 1 Custom Popup Builder | 2022-06-24 | 3.5 LOW | 5.4 MEDIUM |
| Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 at WordPress. | |||||
| CVE-2022-24004 | 1 Vanderbilt | 1 Redcap | 2022-06-24 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title (aka new_title) field when editing an existing conversation. The payload executes in the browser of any conversation participant with the sidebar shown. | |||||
| CVE-2022-29618 | 1 Sap | 1 Netweaver Development Infrastructure | 2022-06-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | |||||
| CVE-2022-24127 | 1 Vanderbilt | 1 Redcap | 2022-06-24 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title (app_title) field when editing an existing project. The payload is then reflected within the title tag of the page. | |||||
| CVE-2022-29443 | 1 Nicdark | 1 Hotel Booking | 2022-06-24 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin <= 3.0 at WordPress. | |||||
| CVE-2021-41415 | 1 Subscription-manager Project | 1 Subscription-manager | 2022-06-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Subscription-Manager v1.0 /main.js has a cross-site scripting (XSS) vulnerability in the machineDetail parameter. | |||||
| CVE-2022-30903 | 1 Nokia | 2 G-2425g-a, G-2425g-a Firmware | 2022-06-23 | 3.5 LOW | 4.8 MEDIUM |
| Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management. | |||||
| CVE-2022-2087 | 1 Bank Management System Project | 1 Bank Management System | 2022-06-23 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester Bank Management System 1.0. This affects the file /mnotice.php?id=2. The manipulation of the argument notice with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2021-36901 | 1 Asylumdigital | 1 Age Gate | 2022-06-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phil Baker's Age Gate plugin <= 2.17.0 at WordPress. | |||||
| CVE-2022-31059 | 1 Discourse | 1 Discourse Calendar | 2022-06-23 | 2.1 LOW | 5.4 MEDIUM |
| Discourse Calendar is a calendar plugin for Discourse, an open-source messaging app. Prior to version 1.0.1, parsing and rendering of Event names can be susceptible to cross-site scripting (XSS) attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. This issue is patched in version 1.0.1 of the Discourse Calendar plugin. As a workaround, ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks. | |||||
| CVE-2022-27859 | 1 Nicdark | 1 Nd-travel | 2022-06-23 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark d.o.o. Travel Management plugin <= 2.0 at WordPress. | |||||
| CVE-2022-29406 | 1 Dynamicweblab | 1 Wp-team-manager | 2022-06-23 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in DynamicWebLab's WordPress Team Manager plugin <= 1.6.9 at WordPress. | |||||
| CVE-2005-1006 | 1 Sonicwall | 2 Soho, Soho Firmware | 2022-06-23 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. | |||||
| CVE-2021-40910 | 1 Phpcms | 1 Phpcms | 2022-06-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side. | |||||
| CVE-2022-29485 | 1 Ss-proj | 1 Shirasagi | 2022-06-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2022-32286 | 1 Mendix | 1 Saml | 2022-06-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). In certain configurations SAML module is vulnerable to Cross Site Scripting (XSS) attacks due to insufficient error message sanitation. This could allow an attacker to execute malicious code by tricking users into accessing a malicious link. | |||||
| CVE-2022-29438 | 1 Nextcode | 1 Image Slider By Nextcode | 2022-06-23 | 3.5 LOW | 4.8 MEDIUM |
| Authenticated (author or higher user role) Persistent Cross-Site Scripting (XSS) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress. | |||||
| CVE-2022-31048 | 1 Typo3 | 1 Typo3 | 2022-06-23 | 3.5 LOW | 5.4 MEDIUM |
| TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. TYPO3 versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. | |||||
| CVE-2022-31049 | 1 Typo3 | 1 Typo3 | 2022-06-23 | 3.5 LOW | 5.4 MEDIUM |
| TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. | |||||
