Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40750 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2022-11-16 | N/A | 5.4 MEDIUM |
| IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588. | |||||
| CVE-2020-15676 | 3 Debian, Mozilla, Opensuse | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2022-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. | |||||
| CVE-2019-11556 | 2 Opensuse, Redhat | 3 Backports Sle, Leap, Pagure | 2022-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pagure before 5.6 allows XSS via the templates/blame.html blame view. | |||||
| CVE-2022-3943 | 1 Foru Cms Project | 1 Foru Cms | 2022-11-15 | N/A | 5.4 MEDIUM |
| A vulnerability was found in ForU CMS. It has been classified as problematic. Affected is an unknown function of the file cms_chip.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213450 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3942 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-11-15 | N/A | 6.1 MEDIUM |
| A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. This issue affects some unknown processing of the file php-sms/?p=request_quote. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-213449 was assigned to this vulnerability. | |||||
| CVE-2022-3950 | 1 Publiccms | 1 Publiccms | 2022-11-15 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9b1c94aea2d84478bf26283904c21e4ca2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213456. | |||||
| CVE-2022-36776 | 2 Ibm, Linux | 2 Cloud Pak For Security, Linux Kernel | 2022-11-15 | N/A | 5.4 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233663. | |||||
| CVE-2022-26088 | 1 Bmc | 1 Remedy It Service Management Suite | 2022-11-15 | N/A | 5.4 MEDIUM |
| An issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote authenticated users to inject HTML (such as an SSRF payload) into the Activity Log by placing it in the To: field. This affects rendering that occurs upon a click in the "number of recipients" field. NOTE: the vendor's position is that "no real impact is demonstrated." | |||||
| CVE-2022-35740 | 1 Dotcms | 1 Dotcms | 2022-11-15 | N/A | 6.1 MEDIUM |
| dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. (This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users.) Some Java application frameworks, including those used by Spring or Tomcat, allow the use of matrix parameters: these are URI parameters separated by semicolons. Through precise semicolon placement in a URI, it is possible to exploit this feature to avoid dotCMS's path-based XSS prevention (such as "require login" filters), and consequently access restricted resources. For example, an attacker could place a semicolon immediately before a / character that separates elements of a filesystem path. This could reveal file content that is ordinarily only visible to signed-in users. This issue can be chained with other exploit code to achieve XSS attacks against dotCMS. | |||||
| CVE-2022-3949 | 1 Simple Cashiering System Project | 1 Simple Cashiering System | 2022-11-15 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Sourcecodester Simple Cashiering System. This issue affects some unknown processing of the component User Account Handler. The manipulation of the argument fullname leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-213455. | |||||
| CVE-2022-42460 | 1 Sedlex | 1 Traffic Manager | 2022-11-15 | N/A | 5.4 MEDIUM |
| Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress. | |||||
| CVE-2021-40289 | 1 Mm-wki Project | 1 Mm-wki | 2022-11-15 | N/A | 6.1 MEDIUM |
| mm-wki v0.2.1 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2021-36885 | 1 Ciphercoin | 1 Contact Form 7 Database Addon | 2022-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.6.1). | |||||
| CVE-2018-6891 | 1 Booking-wp-plugin | 1 Bookly | 2022-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_details_dialog.js. | |||||
| CVE-2021-24930 | 1 Booking-wp-plugin | 1 Bookly | 2022-11-14 | 3.5 LOW | 5.4 MEDIUM |
| The WordPress Online Booking and Scheduling Plugin WordPress plugin before 20.3.1 does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site Scripting issue | |||||
| CVE-2022-39398 | 1 Infotel | 1 Tasklists | 2022-11-10 | N/A | 6.1 MEDIUM |
| tasklists is a tasklists plugin for GLPI (Kanban). Versions prior to 2.0.3 are vulnerable to Cross-site Scripting. Cross-site Scripting (XSS) - Create XSS in task content (when add it). This issue is patched in version 2.0.3. There are no known workarounds. | |||||
| CVE-2022-3265 | 1 Gitlab | 1 Gitlab | 2022-11-10 | N/A | 5.4 MEDIUM |
| A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. | |||||
| CVE-2022-31688 | 1 Vmware | 1 Workspace One Assist | 2022-11-10 | N/A | 6.1 MEDIUM |
| VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window. | |||||
| CVE-2022-44590 | 1 Simple Video Embedder Project | 1 Simple Video Embedder | 2022-11-10 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in James Lao's Simple Video Embedder plugin <= 2.2 on WordPress. | |||||
| CVE-2022-43320 | 1 Feehi | 1 Feehicms | 2022-11-10 | N/A | 6.1 MEDIUM |
| FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer. | |||||