Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35753 | 3 Linux, Microsoft, Persis | 3 Linux Kernel, Windows, Human Resource Management Portal | 2022-10-06 | 2.6 LOW | 6.1 MEDIUM |
| The job posting recommendation form in Persis Human Resource Management Portal (Versions 17.2.00 through 17.2.35 and 19.0.00 through 19.0.20), when the "Recommend job posting" function is enabled, allows XSS via the SENDER parameter. | |||||
| CVE-2019-16223 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2022-10-06 | 3.5 LOW | 5.4 MEDIUM |
| WordPress before 5.2.3 allows XSS in post previews by authenticated users. | |||||
| CVE-2020-4041 | 1 Boltcms | 1 Bolt | 2022-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. Additionally, the measures to prevent renaming the file to disallowed filename extensions could be circumvented. This is fixed in Bolt 3.7.1. | |||||
| CVE-2019-3865 | 1 Redhat | 1 Quay | 2022-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in quay-2, where a stored XSS vulnerability has been found in the super user function of quay. Attackers are able to use the name field of service key to inject scripts and make it run when admin users try to change the name. | |||||
| CVE-2020-26298 | 2 Debian, Redcarpet Project | 2 Debian Linux, Redcarpet | 2022-10-06 | 3.5 LOW | 5.4 MEDIUM |
| Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit. | |||||
| CVE-2020-9371 | 1 Codepeople | 1 Appointment Booking Calendar | 2022-10-06 | 3.5 LOW | 4.8 MEDIUM |
| Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML. | |||||
| CVE-2022-39988 | 1 Centreon | 1 Centreon | 2022-10-06 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the Service>Templates service_alias parameter. | |||||
| CVE-2019-20803 | 1 Gilacms | 1 Gila Cms | 2022-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme. | |||||
| CVE-2020-6816 | 2 Fedoraproject, Mozilla | 2 Fedora, Bleach | 2022-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False. | |||||
| CVE-2022-35137 | 1 Dgiotcloud | 1 Dgiot | 2022-10-06 | N/A | 5.4 MEDIUM |
| DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. | |||||
| CVE-2020-10385 | 1 Wpforms | 1 Contact Form | 2022-10-06 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress. | |||||
| CVE-2020-6802 | 2 Fedoraproject, Mozilla | 2 Fedora, Bleach | 2022-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. | |||||
| CVE-2022-28202 | 1 Mediawiki | 1 Mediawiki | 2022-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete. | |||||
| CVE-2021-39885 | 1 Gitlab | 1 Gitlab | 2022-10-06 | 3.5 LOW | 5.4 MEDIUM |
| A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names | |||||
| CVE-2020-9520 | 1 Microfocus | 1 Vibe | 2022-10-06 | 3.5 LOW | 5.4 MEDIUM |
| A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user’s browser. | |||||
| CVE-2016-4508 | 1 Bosch | 1 Bladecontrol-webvis | 2022-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2022-24681 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2022-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. | |||||
| CVE-2020-10448 | 1 Chadhaajay | 1 Phpkb | 2022-10-06 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10450 | 1 Chadhaajay | 1 Phpkb | 2022-10-06 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-traffic.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10449 | 1 Chadhaajay | 1 Phpkb | 2022-10-06 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-search.php by adding a question mark (?) followed by the payload. | |||||