Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20666 | 1 Cisco | 1 Common Services Platform Collector | 2022-06-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2022-29362 | 1 Zkeacms | 1 Zkeacms | 2022-06-03 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter. | |||||
| CVE-2021-32542 | 1 Sysjust | 1 Cts Web | 2022-06-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers to remotely perform reflected XSS and obtain the users’ connection token that triggered the attack. | |||||
| CVE-2021-42233 | 2 Simple Blog Project, Wondercms | 2 Simple Blog, Wondercms | 2022-06-03 | 3.5 LOW | 5.4 MEDIUM |
| The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting (XSS). When any user opens a particular blog hosted on an attacker's site, XSS may occur. | |||||
| CVE-2022-1909 | 1 Organizr | 1 Organizr | 2022-06-03 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200. | |||||
| CVE-2022-1817 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-03 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Badminton Center Management System. This affects the userlist module at /bcms/admin/?page=user/list. The manipulation of the argument username with the input </td><img src="" onerror="alert(1)"><td>1 leads to an authenticated cross site scripting. Exploit details have been disclosed to the public. | |||||
| CVE-2021-38695 | 1 Softvibe | 1 Saraban | 2022-06-03 | 3.5 LOW | 5.4 MEDIUM |
| SoftVibe SARABAN for INFOMA 1.1 is vulnerable to stored cross-site scripting (XSS) that allows users to store scripts in certain fields (e.g. subject, description) of the document form. | |||||
| CVE-2021-21087 | 1 Adobe | 1 Coldfusion | 2022-06-03 | 3.5 LOW | 5.4 MEDIUM |
| Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction. | |||||
| CVE-2022-30494 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-06-03 | 3.5 LOW | 5.4 MEDIUM |
| In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs. | |||||
| CVE-2022-0900 | 1 Netdatasoft | 1 Divvy Drive | 2022-06-02 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability in DivvyDrive's "aciklama" parameter could allow anyone to gain users' session information. | |||||
| CVE-2022-1811 | 1 Publify Project | 1 Publify | 2022-06-02 | 3.5 LOW | 5.4 MEDIUM |
| Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. | |||||
| CVE-2022-1819 | 1 Student Information System Project | 1 Student Information System | 2022-06-02 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Student Information System 1.0. Affected is admin/?page=students of the Student Roll module. The manipulation with the input <script>alert(1)</script> leads to authenticated cross site scripting. Exploit details have been disclosed to the public. | |||||
| CVE-2021-38946 | 1 Ibm | 1 Cognos Analytics | 2022-06-02 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240. | |||||
| CVE-2022-1163 | 1 Mineweb | 1 Minewebcms | 2022-06-02 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minewebcms prior to next. | |||||
| CVE-2022-25611 | 1 Presstigers | 1 Simple Event Planner | 2022-06-02 | 3.5 LOW | 5.4 MEDIUM |
| Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject malicious script by using the vulnerable parameter &custom[add_seg][]. | |||||
| CVE-2022-29380 | 1 Creativeitem | 1 Academy Lms | 2022-06-02 | 3.5 LOW | 4.8 MEDIUM |
| Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel. | |||||
| CVE-2022-1840 | 1 Home Clean Services Management System Project | 1 Home Clean Services Management System | 2022-06-02 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Home Clean Services Management System 1.0. This issue affects register.php?link=registerand. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely but demands authentication. Exploit details have been disclosed to the public. | |||||
| CVE-2022-25612 | 1 Presstigers | 1 Simple Event Planner | 2022-06-02 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allow users with author or higher user rights to inject malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact]. | |||||
| CVE-2020-3902 | 1 Apple | 6 Icloud, Ipad Os, Iphone Os and 3 more | 2022-06-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack. | |||||
| CVE-2022-1416 | 1 Gitlab | 1 Gitlab | 2022-06-02 | 3.5 LOW | 5.4 MEDIUM |
| Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling | |||||
| CVE-2022-28717 | 1 Meikyo | 30 Poe Boot Nino Poe8m2, Poe Boot Nino Poe8m2 Firmware, Pose Se10-8a7b1 and 27 more | 2022-06-02 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter(PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler(TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A, and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter(POSE SE10-8A7B1 firmware version 1.00A to 1.20A) allows a remote attacker with the administrative privilege to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2022-29882 | 1 Siemens | 72 7kg8500-0aa00-0aa0, 7kg8500-0aa00-0aa0 Firmware, 7kg8500-0aa00-2aa0 and 69 more | 2022-06-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not handle uploaded files correctly. An unauthenticated attacker could take advantage of this situation to store an XSS attack, which could - when a legitimate user accesses the error logs - perform arbitrary actions in the name of the user. | |||||
| CVE-2022-29880 | 1 Siemens | 72 7kg8500-0aa00-0aa0, 7kg8500-0aa00-0aa0 Firmware, 7kg8500-0aa00-2aa0 and 69 more | 2022-06-02 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly validate input in the configuration interface. This could allow an authenticated attacker to place persistent XSS attacks to perform arbitrary actions in the name of a logged user which accesses the affected views. | |||||
| CVE-2022-29426 | 1 2joomla | 1 2j Slideshow | 2022-06-02 | 3.5 LOW | 5.4 MEDIUM |
| Authenticated (contributor or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team's Slideshow, Image Slider by 2J plugin <= 1.3.54 at WordPress. | |||||
| CVE-2022-29230 | 1 Shopify | 1 Hydrogen | 2022-06-01 | 3.5 LOW | 5.4 MEDIUM |
| Hydrogen is a React-based framework for building dynamic, Shopify-powered custom storefronts. There is a potential Cross-Site Scripting (XSS) vulnerability where an arbitrary user is able to execute scripts on pages that are built with Hydrogen. This affects all versions of Hydrogen starting from version 0.10.0 to 0.18.0. This vulnerability is exploitable in applications whose hydrating data is user controlled. All Hydrogen users should upgrade their project to version 0.19.0. There is no current workaround, and users should update as soon as possible. Additionally, the Content Security Policy is not an effective mitigation for this vulnerability. | |||||
| CVE-2022-29349 | 1 Keking | 1 Kkfileview | 2022-06-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java. | |||||
| CVE-2021-42656 | 1 Sscms | 1 Siteserver Cms | 2022-06-01 | 3.5 LOW | 5.4 MEDIUM |
| SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability. | |||||
| CVE-2022-29408 | 1 Vsourz | 1 Advanced Cf7 Db | 2022-06-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress. | |||||
| CVE-2021-43728 | 1 Pix-link | 2 Lv-wr09, Lv-wr09 Firmware | 2022-05-31 | 3.5 LOW | 5.4 MEDIUM |
| Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized SSID parameter. | |||||
| CVE-2021-43729 | 1 Pix-link | 2 Lv-wr09, Lv-wr09 Firmware | 2022-05-31 | 3.5 LOW | 5.4 MEDIUM |
| Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized Security Key parameter. | |||||
| CVE-2021-39043 | 1 Ibm | 1 Jazz Team Server | 2022-05-31 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214032. | |||||
| CVE-2022-25224 | 1 Proton Project | 1 Proton | 2022-05-31 | 3.5 LOW | 5.4 MEDIUM |
| Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands. | |||||
| CVE-2022-25229 | 1 Popcorn Time Project | 1 Popcorn Time | 2022-05-31 | 3.5 LOW | 5.4 MEDIUM |
| Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands. | |||||
| CVE-2022-22777 | 1 Tibco | 1 Businessconnect Trading Community Management | 2022-05-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow an unauthenticated attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below. | |||||
| CVE-2022-22776 | 1 Tibco | 1 Businessconnect Trading Community Management | 2022-05-31 | 3.5 LOW | 5.4 MEDIUM |
| The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains easily exploitable vulnerabilities that allow a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using these vulnerabilities requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below. | |||||
| CVE-2022-30837 | 1 Toll Tax Management System Project | 1 Toll Tax Management System | 2022-05-30 | 3.5 LOW | 5.4 MEDIUM |
| Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting (XSS) via /ttms/classes/Master.php?f=save_recipient, vehicle_name. | |||||
| CVE-2022-30015 | 1 Simple Food Website Project | 1 Simple Food Website | 2022-05-30 | 3.5 LOW | 5.4 MEDIUM |
| In Simple Food Website 1.0, a moderator can put a Cross Site Scripting payload in any of the fields on http://127.0.0.1:1234/food/admin/all_users.php like Full Username, etc. This causes stored XSS. | |||||
| CVE-2022-30017 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-05-30 | 3.5 LOW | 5.4 MEDIUM |
| Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing. | |||||
| CVE-2022-1558 | 1 Curtain Project | 1 Curtain | 2022-05-30 | 3.5 LOW | 4.8 MEDIUM |
| The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed | |||||
| CVE-2022-1547 | 1 Wpchill | 1 Check & Log Email | 2022-05-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-1320 | 1 10web | 1 Sliderby10web | 2022-05-30 | 3.5 LOW | 4.8 MEDIUM |
| The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2022-0346 | 1 Xmlsitemapgenerator | 1 Xml Sitemap Generator | 2022-05-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on. | |||||
| CVE-2022-30464 | 1 Chatbot App With Suggestion In Php/oop Project | 1 Chatbot App With Suggestion In Php/oop | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
| ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response. | |||||
| CVE-2022-30462 | 1 Water Billing System Project | 1 Water Billing System | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
| Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname. | |||||
| CVE-2022-30460 | 1 Simple Social Networking Site Project | 1 Simple Social Networking Site | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
| Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname. | |||||
| CVE-2022-30458 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
| Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name. | |||||
| CVE-2022-30456 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
| Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental. | |||||
| CVE-2022-30839 | 1 Room Rent Portal Site Project | 1 Room Rent Portal Site | 2022-05-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name. | |||||
| CVE-2022-30842 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
| Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname. | |||||
| CVE-2022-1825 | 1 Collectiveaccess | 1 Providence | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository collectiveaccess/providence prior to 1.8. | |||||
