Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-43120 | 1 Intelliants | 1 Subrion Cms | 2022-11-09 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field. | |||||
CVE-2022-3462 | 1 Highlight Focus Project | 1 Highlight Focus | 2022-11-09 | N/A | 4.8 MEDIUM |
The Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2022-43119 | 1 Csphere | 1 Clansphere | 2022-11-09 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter. | |||||
CVE-2022-43118 | 1 Flatcore | 1 Flatcore-cms | 2022-11-09 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field. | |||||
CVE-2022-43144 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-11-09 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in Canteen Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
CVE-2022-32776 | 1 Wpadvancedads | 1 Advanced Ads - Ad Manager & Adsense | 2022-11-09 | N/A | 4.8 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Advanced Ads GmbH Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 on WordPress. | |||||
CVE-2022-27914 | 1 Joomla | 1 Joomla! | 2022-11-09 | N/A | 6.1 MEDIUM |
An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media. | |||||
CVE-2022-30545 | 1 5-anker | 1 5 Anker Connect | 2022-11-09 | N/A | 4.8 MEDIUM |
Auth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Connect plugin <= 1.2.6 on WordPress. | |||||
CVE-2022-41980 | 1 Webartesanal | 1 Mantenimiento Web | 2022-11-09 | N/A | 4.8 MEDIUM |
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimiento web plugin <= 0.13 on WordPress. | |||||
CVE-2022-37896 | 2 Arubanetworks, Siemens | 4 Arubaos, Instant, Scalance W1750d and 1 more | 2022-11-08 | N/A | 6.1 MEDIUM |
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. | |||||
CVE-2022-37892 | 2 Arubanetworks, Siemens | 4 Arubaos, Instant, Scalance W1750d and 1 more | 2022-11-08 | N/A | 5.4 MEDIUM |
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. | |||||
CVE-2021-24349 | 1 Gallery From Files Project | 1 Gallery From Files | 2022-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lack of CSRF check, the attack could also be performed via such vector. | |||||
CVE-2021-24504 | 1 Wplearnmanager | 1 Wp Learn Manager | 2022-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such attack to be performed either via CSRF or as any user (including unauthenticated) | |||||
CVE-2021-40303 | 1 Perfexcrm | 1 Perfex Crm | 2022-11-08 | N/A | 5.4 MEDIUM |
perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile. | |||||
CVE-2022-43569 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2022-11-08 | N/A | 5.4 MEDIUM |
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model. | |||||
CVE-2022-43317 | 1 Human Resource Management System Project | 1 Human Resource Management System | 2022-11-08 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
CVE-2022-20963 | 1 Cisco | 1 Identity Services Engine | 2022-11-08 | N/A | 5.4 MEDIUM |
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid credentials to access the web-based management interface of an affected device. | |||||
CVE-2022-20969 | 1 Cisco | 1 Umbrella | 2022-11-08 | N/A | 5.4 MEDIUM |
A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to the web application and persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. | |||||
CVE-2022-41433 | 1 Eyesofnetwork | 1 Web Interface | 2022-11-08 | N/A | 4.8 MEDIUM |
EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/admin_bp/add_application.php. | |||||
CVE-2022-41432 | 1 Eyesofnetwork | 1 Web Interface | 2022-11-08 | N/A | 4.8 MEDIUM |
EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/report_event/index.php. |