Search
Total
20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-20033 | 1 Phplist | 1 Phplist | 2022-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in PHPList 3.2.6. This affects an unknown part of the file /lists/admin/. The manipulation of the argument page with the input send\'\";><script>alert(8)</script> leads to cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20034 | 1 Phplist | 1 Phplist | 2022-06-17 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting (Persistent). The attack can be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20035 | 1 Phplist | 1 Phplist | 2022-06-17 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20036 | 1 Phplist | 1 Phplist | 2022-06-17 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cross site scripting (Persistent). It is possible to launch the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2022-1005 | 1 Veronalabs | 1 Wp Statistics | 2022-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters | |||||
| CVE-2022-1394 | 1 10web | 1 Photo Gallery | 2022-06-17 | 3.5 LOW | 4.8 MEDIUM |
| The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed | |||||
| CVE-2021-38267 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2022-06-16 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Blogs module's edit blog entry page in Liferay Portal 7.3.2 through 7.3.6, and Liferay DXP 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_blogs_web_portlet_BlogsAdminPortlet_title and _com_liferay_blogs_web_portlet_BlogsAdminPortlet_subtitle parameter. | |||||
| CVE-2019-25070 | 1 Wolfcms | 1 Wolf Cms | 2022-06-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1. It has been rated as problematic. This issue affects some unknown processing of the file /wolfcms/?/admin/user/add of the component User Add. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2018-5280 | 1 Sonicwall | 8 Nsa 250m, Nsa 2600, Nsa 2650 and 5 more | 2022-06-16 | 3.5 LOW | 5.4 MEDIUM |
| SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens. | |||||
| CVE-2018-5281 | 1 Sonicwall | 8 Nsa 250m, Nsa 2600, Nsa 2650 and 5 more | 2022-06-16 | 3.5 LOW | 5.4 MEDIUM |
| SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens. | |||||
| CVE-2022-31470 | 1 Axigen | 1 Axigen Mobile Webmail | 2022-06-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content. | |||||
| CVE-2014-2589 | 1 Sonicwall | 1 Nsa 2400 | 2022-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Dashboard Backend service (stats/dashboard.jsp) in SonicWall Network Security Appliance (NSA) 2400 allows remote attackers to inject arbitrary web script or HTML via the sn parameter. | |||||
| CVE-2022-2022 | 1 Xgenecloud | 1 Nocodb | 2022-06-16 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7. | |||||
| CVE-2022-31497 | 1 Librehealth | 1 Librehealth Ehr | 2022-06-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS. | |||||
| CVE-2021-23648 | 2 Fedoraproject, Paypal | 2 Fedora, Braintree\/sanitize-url | 2022-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function. | |||||
| CVE-2022-2015 | 1 Diagrams | 1 Drawio | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2. | |||||
| CVE-2022-2026 | 1 Kromit | 1 Titra | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0. | |||||
| CVE-2021-44266 | 1 Gunet | 1 Open Eclass Platform | 2022-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter. | |||||
| CVE-2022-2029 | 1 Kromit | 1 Titra | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0. | |||||
| CVE-2022-31398 | 1 Helpdeskz | 1 Helpdeskz | 2022-06-15 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /staff/tools/custom-fields of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. | |||||
| CVE-2022-2036 | 1 Rosariosis | 1 Rosariosis | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. | |||||
| CVE-2022-2028 | 1 Kromit | 1 Titra | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0. | |||||
| CVE-2022-32195 | 1 Edx | 1 Open Edx | 2022-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL. | |||||
| CVE-2022-2020 | 1 Prison Management System Project | 1 Prison Management System | 2022-06-15 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input <img src="" onerror="alert(1)"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-29296 | 1 Avantune | 1 Genialcloud Proj | 2022-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in the login portal of Avantune Genialcloud ProJ - 10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2021-40610 | 1 Emlog Pro Project | 1 Emlog Pro | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM |
| Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management. | |||||
| CVE-2022-1673 | 1 Greenwallet | 1 Woocommerce Green Wallet Gateway | 2022-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 does not escape the error_envision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability. | |||||
| CVE-2022-1647 | 1 Ncrafts | 1 Formcraft | 2022-06-15 | 3.5 LOW | 4.8 MEDIUM |
| The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-2035 | 1 Ltgplc | 1 Rustici Software Scorm Engine | 2022-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim's browser. | |||||
| CVE-2022-2016 | 1 Facturascripts | 1 Facturascripts | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1. | |||||
| CVE-2022-1569 | 1 Pieforms | 1 Drag \& Drop Builder | 2022-06-15 | 3.5 LOW | 4.8 MEDIUM |
| The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed | |||||
| CVE-2022-1541 | 1 Richweb | 1 Video Slider | 2022-06-15 | 3.5 LOW | 4.8 MEDIUM |
| The Video Slider WordPress plugin before 1.4.8 does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2022-1469 | 1 Fibosearch | 1 Fibosearch | 2022-06-15 | 3.5 LOW | 4.8 MEDIUM |
| The FiboSearch WordPress plugin before 1.17.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed | |||||
| CVE-2022-1506 | 1 Wp Born Babies Project | 1 Wp Born Babies | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM |
| The WP Born Babies WordPress plugin through 1.0 does not sanitise and escape some of its fields, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks | |||||
| CVE-2022-30899 | 1 Partkeepr | 1 Partkeepr | 2022-06-15 | 3.5 LOW | 4.8 MEDIUM |
| A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the 'name' field in /api/part_categories. | |||||
| CVE-2022-30875 | 1 Dolibarr | 1 Dolibarr | 2022-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page. | |||||
| CVE-2022-1997 | 1 Rosariosis | 1 Rosariosis | 2022-06-14 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. | |||||
| CVE-2022-1597 | 1 2code | 1 Wpqa Builder | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer , does not sanitise and escape a parameter on its reset password form which makes it possible to perform Reflected Cross-Site Scripting attacks | |||||
| CVE-2022-1241 | 1 2code | 1 Ask Me | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues | |||||
| CVE-2022-31494 | 1 Librehealth | 1 Librehealth Ehr | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS. | |||||
| CVE-2020-6220 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2022-06-14 | 2.6 LOW | 4.7 MEDIUM |
| BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active. | |||||
| CVE-2022-31493 | 1 Librehealth | 1 Librehealth Ehr | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. | |||||
| CVE-2022-1991 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2022-06-14 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability classified as problematic has been found in Fast Food Ordering System 1.0. Affected is the file Master.php of the Master List. The manipulation of the argument Description with the input foo "><img src="" onerror="alert(document.cookie)"> leads to cross site scripting. It is possible to launch the attack remotely but it requires authentication. Exploit details have been disclosed to the public. | |||||
| CVE-2022-28479 | 1 Seeddms | 1 Seeddms | 2022-06-14 | 3.5 LOW | 4.8 MEDIUM |
| SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menu | |||||
| CVE-2022-31492 | 1 Librehealth | 1 Librehealth Ehr | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username. | |||||
| CVE-2021-43558 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk. | |||||
| CVE-2022-31495 | 1 Librehealth | 1 Librehealth Ehr | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS. | |||||
| CVE-2022-30861 | 1 Fudforum | 1 Fudforum | 2022-06-14 | 3.5 LOW | 4.8 MEDIUM |
| FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature. | |||||
| CVE-2021-42245 | 1 Flatcore | 1 Flatcore-cms | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections. | |||||
| CVE-2022-28051 | 1 Seeddms | 1 Seeddms | 2022-06-13 | 3.5 LOW | 5.4 MEDIUM |
| The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code. | |||||