Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43707 | 1 Mybb | 1 Mybb | 2022-11-22 | N/A | 6.1 MEDIUM |
| MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) allows remote attackers to inject HTML via user input or stored data | |||||
| CVE-2021-36905 | 1 Expresstech | 1 Quiz And Survey Master | 2022-11-22 | N/A | 5.4 MEDIUM |
| Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress. | |||||
| CVE-2022-36357 | 1 Webpsilon | 1 Ultimate Tables | 2022-11-22 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ULTIMATE TABLES plugin <= 1.6.5 on WordPress. | |||||
| CVE-2022-40470 | 1 Blood Donor Management System Project | 1 Blood Donor Management System | 2022-11-21 | N/A | 4.8 MEDIUM |
| Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature. | |||||
| CVE-2022-38146 | 1 Silverstripe | 1 Framework | 2022-11-21 | N/A | 5.4 MEDIUM |
| Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3). | |||||
| CVE-2022-40694 | 1 Storeapps | 1 News Announcement Scroll | 2022-11-21 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News Announcement Scroll plugin <= 8.8.8 on WordPress. | |||||
| CVE-2022-41132 | 1 Ezoic | 1 Ezoic | 2022-11-21 | N/A | 6.1 MEDIUM |
| Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress. | |||||
| CVE-2022-41315 | 1 Ezoic | 1 Ezoic | 2022-11-21 | N/A | 4.8 MEDIUM |
| Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic plugin <= 2.8.8 on WordPress. | |||||
| CVE-2019-20798 | 1 Cherokee-project | 1 Cherokee | 2022-11-21 | 6.0 MEDIUM | 8.4 HIGH |
| An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands. | |||||
| CVE-2022-45012 | 1 Wbce | 1 Wbce Cms | 2022-11-21 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field. | |||||
| CVE-2022-45013 | 1 Wbce | 1 Wbce Cms | 2022-11-21 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field. | |||||
| CVE-2022-45016 | 1 Wbce | 1 Wbce Cms | 2022-11-21 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field. | |||||
| CVE-2022-45015 | 1 Wbce | 1 Wbce Cms | 2022-11-21 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field. | |||||
| CVE-2022-45014 | 1 Wbce | 1 Wbce Cms | 2022-11-21 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field. | |||||
| CVE-2022-45017 | 1 Wbce | 1 Wbce Cms | 2022-11-21 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field. | |||||
| CVE-2022-36432 | 1 Amasty | 1 Blog Pro | 2022-11-21 | N/A | 5.4 MEDIUM |
| The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response. | |||||
| CVE-2022-41319 | 1 Veritas | 1 Desktop And Laptop Option | 2022-11-21 | N/A | 6.1 MEDIUM |
| A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI). This affects versions before 9.8 (e.g., 9.1 through 9.7). | |||||
| CVE-2017-2127 | 1 Yop-poll | 1 Yop Poll | 2022-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2022-42960 | 1 Equalweb | 1 Equalweb Accessibility Widget | 2022-11-21 | N/A | 5.4 MEDIUM |
| EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js. | |||||
| CVE-2020-24609 | 1 Techkshetrainfo | 1 Savsoft Quiz | 2022-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has XSS which can result in an attacker injecting the XSS payload in the User Registration section and each time the admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie via crafted payload. | |||||