Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29727 | 1 Surveysparrow | 1 Enterprise Survey Software | 2022-05-23 | 3.5 LOW | 5.4 MEDIUM |
| Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter. | |||||
| CVE-2022-29728 | 1 Surveysparrow | 1 Enterprise Survey Software | 2022-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-site scripting (XSS) vulnerability in the test parameter. | |||||
| CVE-2020-22985 | 1 Microstrategy | 1 Microstrategy Web Sdk | 2022-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task. | |||||
| CVE-2020-22984 | 1 Microstrategy | 1 Microstrategy Web Sdk | 2022-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task. | |||||
| CVE-2020-22986 | 1 Microstrategy | 1 Microstrategy Web Sdk | 2022-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task. | |||||
| CVE-2020-22987 | 1 Microstrategy | 1 Microstrategy Web Sdk | 2022-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task. | |||||
| CVE-2019-10219 | 3 Netapp, Oracle, Redhat | 194 Active Iq Unified Manager, Element, Management Services For Element Software And Netapp Hci and 191 more | 2022-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. | |||||
| CVE-2022-29929 | 1 Jetbrains | 1 Teamcity | 2022-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible | |||||
| CVE-2022-29927 | 1 Jetbrains | 1 Teamcity | 2022-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible | |||||
| CVE-2022-28919 | 1 Dokuwiki | 1 Dokuwiki | 2022-05-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename. | |||||
| CVE-2022-1682 | 1 Facturascripts | 1 Facturascripts | 2022-05-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS using a URL-based payload in GitHub repository neorazorx/facturascripts prior to 2022.07. XSS can be used to steal a user's cookies, which can lead to account takeover, or to perform any malicious activity in the victim's browser. | |||||
| CVE-2022-28920 | 1 Moecraft | 1 Tieba-cloud-sign | 2022-05-21 | 3.5 LOW | 4.8 MEDIUM |
| Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting (XSS) vulnerability via the function strip_tags. | |||||
| CVE-2021-42648 | 1 Coder | 1 Code-server | 2022-05-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability exists in Coder Code-Server before 3.12.0, allows attackers to execute arbitrary code via crafted URL. | |||||
| CVE-2022-30057 | 1 Shopwind | 1 Shopwind | 2022-05-20 | 3.5 LOW | 5.4 MEDIUM |
| Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability. | |||||
| CVE-2021-31330 | 1 Reviewboard | 1 Review Board | 2022-05-20 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent. | |||||
| CVE-2021-28290 | 1 Identityserver4.admin Project | 1 Identityserver4.admin | 2022-05-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Skoruba IdentityServer4.Admin before 2.0.0 via unencoded value passed to the data-secret-value parameter. | |||||
| CVE-2022-23137 | 1 Zte | 2 Zxcdn, Zxcdn Firmware | 2022-05-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker could modify the parameters in the content clearing request url, and when a user clicks the url, an XSS attack will be triggered. | |||||
| CVE-2021-30140 | 1 Liquidfiles | 1 Liquidfiles | 2022-05-19 | 3.5 LOW | 5.4 MEDIUM |
| LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content (such as SVG with HTML content), the payload is executed upon a click. This is fixed in 3.5. | |||||
| CVE-2022-22320 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2022-05-19 | 3.5 LOW | 4.8 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218367. | |||||
| CVE-2022-27656 | 1 Sap | 3 Netweaver As Abap Kernel, Netweaver As Abap Krnl64uc, Webdispatcher | 2022-05-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2021-39059 | 1 Ibm | 1 Jazz Foundation | 2022-05-19 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214619. | |||||
| CVE-2021-20771 | 1 Cybozu | 1 Garoon | 2022-05-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2022-29610 | 1 Sap | 1 Netweaver Application Server Abap | 2022-05-19 | 3.5 LOW | 5.4 MEDIUM |
| SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack. | |||||
| CVE-2021-43081 | 1 Fortinet | 2 Fortios, Fortiproxy | 2022-05-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests. | |||||
| CVE-2022-1433 | 1 Gitlab | 1 Gitlab | 2022-05-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS vulnerability (CVE-2022-1175) to persist and execute. | |||||
| CVE-2022-30278 | 1 Synopsys | 1 Black Duck Hub | 2022-05-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in Black Duck Hub’s embedded MadCap Flare documentation files could allow an unauthenticated remote attacker to conduct a cross-site scripting attack. The vulnerability is due to improper validation of user-supplied input to MadCap Flare's framework embedded within Black Duck Hub's Help Documentation to supply content. An attacker could exploit this vulnerability by convincing a user to click a link designed to pass malicious input to the interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks and gain access to sensitive browser-based information. | |||||
| CVE-2022-28077 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2022-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter. | |||||
| CVE-2022-28078 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2022-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] parameter. | |||||
| CVE-2022-29976 | 1 Altn | 1 Mdaemon | 2022-05-17 | 3.5 LOW | 5.4 MEDIUM |
| An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0. | |||||
| CVE-2022-29975 | 1 Altn | 1 Mdaemon | 2022-05-17 | 3.5 LOW | 5.4 MEDIUM |
| An Authenticated Reflected Cross-site scripting at CC Parameter was discovered in MDaemon before 22.0.0. | |||||
| CVE-2022-1567 | 1 Wp-js Project | 1 Wp-js | 2022-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP-JS plugin for WordPress contains a script called wp-js.php with the function wp_js_admin, that accepts unvalidated user input and echoes it back to the user. This can be used for reflected Cross-Site Scripting in versions up to, and including, 2.0.6. | |||||
| CVE-2021-43712 | 1 Employee Daily Task Management System Project | 1 Employee Daily Task Management System | 2022-05-17 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS in Add New Employee Form in Sourcecodester Employee Daily Task Management System 1.0 Allows Remote Attacker to Inject/Store Arbitrary Code via the Name Field. | |||||
| CVE-2022-24681 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2022-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. | |||||
| CVE-2022-27308 | 1 Phprojekt Phpsimplygest Project | 1 Phprojekt Phpsimplygest | 2022-05-17 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title. | |||||
| CVE-2022-1047 | 1 Themify | 1 Post Type Builder Search Addon | 2022-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability. | |||||
| CVE-2022-1104 | 1 Code-atlantic | 1 Popup Maker | 2022-05-17 | 3.5 LOW | 4.8 MEDIUM |
| The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-29413 | 1 Hermit Project | 1 Hermit | 2022-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress via &title parameter. | |||||
| CVE-2018-19615 | 1 Rockwellautomation | 2 Powermonitor 1000, Powermonitor 1000 Firmware | 2022-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted user's web browser to gain access to the affected device. | |||||
| CVE-2019-8331 | 4 F5, Getbootstrap, Redhat and 1 more | 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more | 2022-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. | |||||
| CVE-2022-0625 | 1 Admin Menu Editor Project | 1 Admin Menu Editor | 2022-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
| CVE-2022-29420 | 1 Edmonsoft | 1 Countdown Builder | 2022-05-16 | 3.5 LOW | 4.8 MEDIUM |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-circle-countdown-before-countdown and &ycd-circle-countdown-after-countdown vulnerable parameters. | |||||
| CVE-2022-29422 | 1 Edmonsoft | 1 Countdown Builder | 2022-05-16 | 3.5 LOW | 4.8 MEDIUM |
| Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom, &ycd-button-margin-left, &ycd-circle-countdown-before-countdown, &ycd-circle-countdown-after-countdown vulnerable parameters. | |||||
| CVE-2022-29421 | 1 Edmonsoft | 1 Countdown Builder | 2022-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter. | |||||
| CVE-2021-39024 | 1 Ibm | 1 Guardium Data Encryption | 2022-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213862. | |||||
| CVE-2022-28545 | 1 Fudforum | 1 Fudforum | 2022-05-16 | 3.5 LOW | 5.4 MEDIUM |
| FUDforum 3.1.1 is vulnerable to Stored XSS. | |||||
| CVE-2022-1338 | 1 Commonninja | 1 Easily Generate Rest Api | 2022-05-16 | 3.5 LOW | 4.8 MEDIUM |
| The Easily Generate Rest API Url WordPress plugin through 1.0.0 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-1303 | 1 Slide Anything Project | 1 Slide Anything | 2022-05-16 | 3.5 LOW | 4.8 MEDIUM |
| The Slide Anything WordPress plugin before 2.3.44 does not sanitize and escape sliders' description, which could allow high privilege users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | |||||
| CVE-2022-1171 | 1 Vertical Scroll Recent Post Project | 1 Vertical Scroll Recent Post | 2022-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Vertical scroll recent post WordPress plugin before 14.0 does not sanitise and escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0898 | 1 Getigniteup | 1 Igniteup | 2022-05-16 | 3.5 LOW | 5.4 MEDIUM |
| The IgniteUp WordPress plugin through 3.4.1 does not sanitise and escape some fields when high privilege users don't have the unfiltered_html capability, which could lead to Stored Cross-Site Scripting issues | |||||
| CVE-2022-0874 | 1 Wp-experts | 1 Wp Social Buttons | 2022-05-16 | 3.5 LOW | 4.8 MEDIUM |
| The WP Social Buttons WordPress plugin through 2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
