Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41702 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 5.4 MEDIUM |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. | |||||
| CVE-2022-3716 | 1 Online Medicine Ordering System Project | 1 Online Medicine Ordering System | 2022-10-28 | N/A | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in SourceCodester Online Medicine Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /omos/admin/?page=user/list. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-212347. | |||||
| CVE-2022-3673 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-10-28 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the file /php-sms/classes/Master.php. The manipulation of the argument message leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-212016. | |||||
| CVE-2022-3672 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-10-28 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Sanitization Management System 1.0. This issue affects some unknown processing of the file /php-sms/classes/SystemSettings.php. The manipulation of the argument name/shortname leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-212015. | |||||
| CVE-2022-20959 | 1 Cisco | 1 Identity Services Engine | 2022-10-28 | N/A | 5.4 MEDIUM |
| A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by persuading an authenticated administrator of the web-based management interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2021-45476 | 1 Yordam | 1 Library Automation System | 2022-10-28 | N/A | 6.1 MEDIUM |
| Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability. | |||||
| CVE-2021-38374 | 1 Open-xchange | 1 Ox App Suite | 2022-10-28 | 3.5 LOW | 5.4 MEDIUM |
| OX App Suite through through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL. | |||||
| CVE-2021-24653 | 1 Cookie-bar Project | 1 Cookie-bar | 2022-10-28 | 3.5 LOW | 4.8 MEDIUM |
| The Cookie Bar WordPress plugin before 1.8.9 doesn't properly sanitise the Cookie Bar Message setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-38189 | 1 Esri | 1 Portal For Arcgis | 2022-10-28 | N/A | 5.4 MEDIUM |
| A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser. | |||||
| CVE-2022-31468 | 1 Open-xchange | 1 Ox App Suite | 2022-10-27 | N/A | 6.1 MEDIUM |
| OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter. | |||||
| CVE-2022-42991 | 1 Simple Online Public Access Catalog Project | 1 Simple Online Public Access Catalog | 2022-10-27 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Simple Online Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Account Full Name field. | |||||
| CVE-2022-42993 | 1 Password Storage Application Project | 1 Password Storage Application | 2022-10-27 | N/A | 5.4 MEDIUM |
| Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page. | |||||
| CVE-2019-6142 | 1 Forcepoint | 2 Email Security, Security Manager | 2022-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue. | |||||
| CVE-2022-1095 | 1 Mihdan\ | 1 No External Links Project | 2022-10-27 | 3.5 LOW | 4.8 MEDIUM |
| The Mihdan: No External Links WordPress plugin before 5.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-35882 | 1 Gsplugins | 1 Gs Testimonial Slider | 2022-10-27 | N/A | 4.8 MEDIUM |
| Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.5 at WordPress. | |||||
| CVE-2022-30770 | 1 Terminalfour | 1 Terminalfour | 2022-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and r 8.2.x versions prior to version 8.2.18.5 or 8.2.18.2.1 are vulnerable to (XSS) vulnerability that could be exploited by an attacker to mislead an administrator and steal their credentials. | |||||
| CVE-2021-43787 | 1 Nodebb | 1 Nodebb | 2022-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nodebb is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. javascript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a path traversal vulnerability disclosed at the same time as this report. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible. | |||||
| CVE-2022-25574 | 1 Douco | 1 Douphp | 2022-10-27 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file. | |||||
| CVE-2021-43696 | 1 Twmap Project | 1 Twmap | 2022-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| twmap v2.91_v4.33 is affected by a Cross Site Scripting (XSS) vulnerability. In file list.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST then there is a XSS vulnerability. | |||||
| CVE-2021-43692 | 1 Youtube-php-mirroring Project | 1 Youtube-php-mirroring | 2022-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| youtube-php-mirroring (last update Jun 9, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in file ytproxy/index.php. | |||||