Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41349 | 1 Zimbra | 1 Collaboration | 2022-10-13 | N/A | 6.1 MEDIUM |
| In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine. | |||||
| CVE-2022-41348 | 1 Zimbra | 1 Collaboration | 2022-10-13 | N/A | 6.1 MEDIUM |
| An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via the onerror attribute of an IMG element, leading to information disclosure. | |||||
| CVE-2022-33978 | 1 Fontmeister Project | 1 Fontmeister | 2022-10-13 | N/A | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) vulnerability FontMeister plugin <= 1.08 at WordPress. | |||||
| CVE-2022-40047 | 1 Flatpress | 1 Flatpress | 2022-10-13 | N/A | 5.4 MEDIUM |
| Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php. | |||||
| CVE-2022-42711 | 1 Progress | 1 Whatsup Gold | 2022-10-13 | N/A | 9.6 CRITICAL |
| In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser. | |||||
| CVE-2022-41206 | 1 Sap | 1 Businessobjects Business Intelligence | 2022-10-12 | N/A | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful exploitation, there could be a limited impact on confidentiality and integrity of the application. | |||||
| CVE-2022-3207 | 1 Simplefilelist | 1 Simple-file-list | 2022-10-12 | N/A | 4.8 MEDIUM |
| The Simple File List WordPress plugin before 4.4.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-35226 | 1 Sap | 1 Data Services | 2022-10-12 | N/A | 6.1 MEDIUM |
| SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application's immediate response, it will lead to a Cross-Site Scripting vulnerability. The attacker would have to log in to the management console to perform such as an attack, only few of the pages are vulnerable in the DS management console. | |||||
| CVE-2022-35297 | 1 Sap | 1 Enable Now | 2022-10-12 | N/A | 5.4 MEDIUM |
| The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability. | |||||
| CVE-2022-40178 | 1 Siemens | 20 Desigo Pxm30-1, Desigo Pxm30-1 Firmware, Desigo Pxm30.e and 17 more | 2022-10-12 | N/A | 5.4 MEDIUM |
| A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). Improper Neutralization of Input During Web Page Generation exists in the “Import Files“ functionality of the “Operation” web application, due to the missing validation of the titles of files included in the input package. By uploading a specifically crafted graphics package, a remote low-privileged attacker can execute arbitrary JavaScript code. | |||||
| CVE-2022-3220 | 1 Webgilde | 1 Advanced Comment Form | 2022-10-12 | N/A | 4.8 MEDIUM |
| The Advanced Comment Form WordPress plugin before 1.2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-3209 | 1 Pencidesign | 1 Soledad | 2022-10-12 | N/A | 6.1 MEDIUM |
| The soledad WordPress theme before 8.2.5 does not sanitise the {id,datafilter[type],...} parameters in its penci_more_slist_post_ajax AJAX action, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2022-3137 | 1 Taskbuilder | 1 Taskbuilder | 2022-10-12 | N/A | 5.4 MEDIUM |
| The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user (such as subscriber) creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file | |||||
| CVE-2022-3136 | 1 Wpsocialrocket | 1 Social Rocket | 2022-10-12 | N/A | 4.8 MEDIUM |
| The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-42235 | 1 Student Clearance System Project | 1 Student Clearance System | 2022-10-11 | N/A | 5.4 MEDIUM |
| A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form. | |||||
| CVE-2022-42236 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-10-11 | N/A | 5.4 MEDIUM |
| A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form. | |||||
| CVE-2021-36899 | 1 Asset Cleanup\ | 1 Page Speed Booster Project | 2022-10-11 | N/A | 4.8 MEDIUM |
| Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan's Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress. | |||||
| CVE-2022-3452 | 1 Book Store Management System Project | 1 Book Store Management System | 2022-10-11 | N/A | 5.4 MEDIUM |
| A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument category_name leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-210436. | |||||
| CVE-2022-3453 | 1 Book Store Management System Project | 1 Book Store Management System | 2022-10-11 | N/A | 5.4 MEDIUM |
| A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /transcation.php. The manipulation of the argument buyer_name leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-210437 was assigned to this vulnerability. | |||||
| CVE-2022-41376 | 1 Metroui | 1 Metro Ui | 2022-10-11 | N/A | 6.1 MEDIUM |
| Metro UI v4.4.0 to v4.5.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Javascript function. | |||||