Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-45218 | 1 Human Resource Management System Project | 1 Human Resource Management System | 2022-11-29 | N/A | 6.1 MEDIUM | Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message. |
CVE-2022-37721 | 1 Pyrocms | 1 Pyrocms | 2022-11-29 | N/A | 9.0 CRITICAL | PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS) when a low privileged user, such as an author, injects a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation. |
CVE-2022-4068 | 1 Librenms | 1 Librenms | 2022-11-29 | N/A | 5.4 MEDIUM | A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that allows an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin's account. |
CVE-2022-32060 | 1 Snipeitapp | 1 Snipe-it | 2022-11-28 | 3.5 LOW | 4.8 MEDIUM | An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. |
CVE-2022-45036 | 1 Wbce | 1 Wbce Cms | 2022-11-28 | N/A | 5.4 MEDIUM | A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field. |
CVE-2022-45038 | 1 Wbce | 1 Wbce Cms | 2022-11-28 | N/A | 5.4 MEDIUM | A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. |
CVE-2022-45037 | 1 Wbce | 1 Wbce Cms | 2022-11-28 | N/A | 5.4 MEDIUM | A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field. |
CVE-2022-45040 | 1 Wbce | 1 Wbce Cms | 2022-11-28 | N/A | 5.4 MEDIUM | A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field. |
CVE-2022-4089 | 1 Stock Management System Project | 1 Stock Management System | 2022-11-28 | N/A | 5.4 MEDIUM | A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnerability affects unknown code of the file /pages/processlogin.php. The manipulation of the argument user leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214324. |
CVE-2022-45363 | 1 Muffingroup | 1 Betheme | 2022-11-28 | N/A | 5.4 MEDIUM | Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup Betheme theme <= 26.6.1 on WordPress. |
CVE-2022-45280 | 1 Eyoucms | 1 Eyoucms | 2022-11-28 | N/A | 5.4 MEDIUM | A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
CVE-2022-35501 | 1 Amasty | 1 Blog Pro | 2022-11-28 | N/A | 5.4 MEDIUM | Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function. |
CVE-2022-35500 | 1 Amasty | 1 Blog Pro | 2022-11-28 | N/A | 5.4 MEDIUM | Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via the leave comment functionality. |
CVE-2022-38724 | 1 Silverstripe | 3 Asset Admin, Assets, Framework | 2022-11-28 | N/A | 5.4 MEDIUM | Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. |
CVE-2022-36180 | 1 Fusiondirectory | 1 Fusiondirectory | 2022-11-28 | N/A | 9.6 CRITICAL | Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug=[injection], and /fusiondirectory/index.php?signout=1&message=[injection]&plug=106. |
CVE-2022-45472 | 1 Caehealthcare | 1 Learningspace Enterprise | 2022-11-25 | N/A | 5.4 MEDIUM | CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup. |
CVE-2022-41938 | 1 Flarum | 1 Flarum | 2022-11-25 | N/A | 5.4 MEDIUM | Flarum is an open source discussion platform. Flarum's page title system allowed page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after `v1.5` and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title input, either by creating a new discussion or renaming one. The XSS attack occurs after a visitor opens the relevant discussion page. All communities running Flarum from `v1.5.0` to `v1.6.1` are impacted. The vulnerability has been fixed and published as flarum/core `v1.6.2`. All communities running Flarum from `v1.5.0` to `v1.6.1` have to upgrade as soon as possible to v1.6.2. There are no known workarounds for this issue. |
CVE-2019-16780 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2022-11-23 | 3.5 LOW | 5.4 MEDIUM | WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authenticated user. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. Automatic updates are enabled by default for minor releases and we strongly recommend that you keep them enabled. |
CVE-2022-41615 | 1 Agilelogix | 1 Store Locator | 2022-11-23 | N/A | 6.1 MEDIUM | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress. |
CVE-2022-40963 | 1 Themeum | 1 Wp Page Builder | 2022-11-23 | N/A | 5.4 MEDIUM | Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabilities in WP Page Builder plugin <= 1.2.6 on WordPress. |