Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-42097 | 1 Backdropcms | 1 Backdrop | 2022-11-23 | N/A | 4.8 MEDIUM |
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment'. | |||||
CVE-2022-42094 | 1 Backdropcms | 1 Backdrop | 2022-11-23 | N/A | 4.8 MEDIUM |
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content. | |||||
CVE-2022-41445 | 1 Teacher Record Management System Project | 1 Teacher Record Management System | 2022-11-23 | N/A | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in Record Management System using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Subject page. | |||||
CVE-2022-42989 | 1 Sankhya | 1 Sankhya Om | 2022-11-23 | N/A | 9.0 CRITICAL |
ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Caixa de Entrada. | |||||
CVE-2022-4105 | 1 Kiwitcms | 1 Kiwi Tcms | 2022-11-23 | N/A | 5.4 MEDIUM |
A stored XSS in a Kiwi Test Plan can run malicious JavaScript, which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page. | |||||
CVE-2022-38462 | 1 Silverstripe | 1 Framework | 2022-11-23 | N/A | 6.1 MEDIUM |
Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request. | |||||
CVE-2022-3618 | 1 Clevelandwebdeveloper | 1 Spacer | 2022-11-23 | N/A | 4.8 MEDIUM |
The Spacer WordPress plugin before 3.0.7 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | |||||
CVE-2022-41643 | 1 Accessibility Project | 1 Accessibility | 2022-11-23 | N/A | 4.8 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Accessibility plugin <= 1.0.3 on WordPress. | |||||
CVE-2022-39181 | 1 Glpi-project | 1 Reports | 2022-11-23 | N/A | 6.1 MEDIUM |
GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). Type 1: Reflected XSS (or Non-Persistent) - The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or emailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker's content back to the victim, the content is executed by the victim's browser. | |||||
CVE-2022-44787 | 1 Maggioli | 1 Appalti & Contratti | 2022-11-23 | N/A | 6.1 MEDIUM |
An issue was discovered in Appalti & Contratti 9.12.2. The web applications are vulnerable to a Reflected Cross-Site Scripting issue. The idPagina parameter is reflected inside the server response without any HTML encoding, resulting in XSS when the victim moves the mouse pointer inside the page. As an example, the onmouseenter attribute is not sanitized. | |||||
CVE-2022-41788 | 1 Pencidesign | 1 Soledad | 2022-11-23 | N/A | 5.4 MEDIUM |
Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress. | |||||
CVE-2022-43117 | 1 Password Storage Application Project | 1 Password Storage Application | 2022-11-23 | N/A | 5.4 MEDIUM |
Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Name, Username, Description and Site Feature parameters. | |||||
CVE-2022-3753 | 1 Evaluate Project | 1 Evaluate | 2022-11-23 | N/A | 4.8 MEDIUM |
The Evaluate WordPress plugin through 1.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | |||||
CVE-2022-42096 | 1 Backdropcms | 1 Backdrop Cms | 2022-11-23 | N/A | 4.8 MEDIUM |
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content. | |||||
CVE-2022-31097 | 2 Grafana, Netapp | 2 Grafana, E-series Performance Analyzer | 2022-11-23 | N/A | 8.7 HIGH |
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin into clicking on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting. | |||||
CVE-2022-45082 | 1 Oxilab | 1 Accordions | 2022-11-23 | N/A | 4.8 MEDIUM |
Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and &accordions_or_faqs_license_key. | |||||
CVE-2021-31739 | 1 Seppmail | 1 Seppmail | 2022-11-22 | N/A | 6.1 MEDIUM |
The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in HTML attributes when returned by the server. SEPPmail 11.1.10 allows XSS via a recipient address. | |||||
CVE-2021-37936 | 1 Elastic | 1 Kibana | 2022-11-22 | N/A | 5.4 MEDIUM |
It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would be rendered for the user. | |||||
CVE-2022-43143 | 1 Beekeeperstudio | 1 Beekeeper-studio | 2022-11-22 | N/A | 9.6 CRITICAL |
A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal container. | |||||
CVE-2022-43708 | 1 Mybb | 1 Mybb | 2022-11-22 | N/A | 6.1 MEDIUM |
MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerability in the post Attachments interface that allows attackers to inject HTML by persuading the user to upload a file with a specially crafted name |