Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-10451 | 1 Chadhaajay | 1 Phpkb | 2022-10-06 | 3.5 LOW | 4.8 MEDIUM |
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-user.php by adding a question mark (?) followed by the payload. | |||||
CVE-2020-10453 | 1 Chadhaajay | 1 Phpkb | 2022-10-06 | 3.5 LOW | 4.8 MEDIUM |
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/search-users.php by adding a question mark (?) followed by the payload. | |||||
CVE-2020-10452 | 1 Chadhaajay | 1 Phpkb | 2022-10-06 | 3.5 LOW | 4.8 MEDIUM |
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/save-article.php by adding a question mark (?) followed by the payload. | |||||
CVE-2020-10454 | 1 Chadhaajay | 1 Phpkb | 2022-10-06 | 3.5 LOW | 4.8 MEDIUM |
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/sitemap-generator.php by adding a question mark (?) followed by the payload. | |||||
CVE-2020-10455 | 1 Chadhaajay | 1 Phpkb | 2022-10-06 | 3.5 LOW | 4.8 MEDIUM |
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/translate.php by adding a question mark (?) followed by the payload. | |||||
CVE-2020-10456 | 1 Chadhaajay | 1 Phpkb | 2022-10-06 | 3.5 LOW | 4.8 MEDIUM |
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/trash-box.php by adding a question mark (?) followed by the payload. | |||||
CVE-2020-10461 | 1 Chadhaajay | 1 Phpkb | 2022-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
The way comments in article.php (vulnerable function in include/functions-article.php) are handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php, via the GET parameter cmt. | |||||
CVE-2020-6217 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2022-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | |||||
CVE-2020-10447 | 1 Chadhaajay | 1 Phpkb | 2022-10-06 | 3.5 LOW | 4.8 MEDIUM |
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-failed-login.php by adding a question mark (?) followed by the payload. | |||||
CVE-2019-9167 | 1 Nagios | 1 Nagios Xi | 2022-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter. | |||||
CVE-2019-9164 | 1 Nagios | 1 Nagios Xi | 2022-10-06 | 6.5 MEDIUM | 8.8 HIGH |
Command injection in Nagios XI before 5.5.11 allows an authenticated user to execute arbitrary remote commands via a new autodiscovery job. | |||||
CVE-2022-28919 | 2 Dokuwiki, Fedoraproject | 2 Dokuwiki, Fedora | 2022-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename. | |||||
CVE-2022-0619 | 1 Database Peek Project | 1 Database Peek | 2022-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
The Database Peek WordPress plugin through 1.2 does not sanitize and escape the match parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-40879 | 1 Keking | 1 Kkfileview | 2022-10-06 | N/A | 6.1 MEDIUM |
kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg'. | |||||
CVE-2020-1941 | 2 Apache, Oracle | 7 Activemq, Communications Diameter Signaling Router, Communications Element Manager and 4 more | 2022-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. | |||||
CVE-2021-43462 | 1 Rumble Mail Server Project | 1 Rumble Mail Server | 2022-10-05 | 3.5 LOW | 5.4 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username parameter. | |||||
CVE-2020-2230 | 1 Jenkins | 1 Jenkins | 2022-10-05 | 3.5 LOW | 5.4 MEDIUM |
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission. | |||||
CVE-2020-2229 | 1 Jenkins | 1 Jenkins | 2022-10-05 | 3.5 LOW | 5.4 MEDIUM |
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability. | |||||
CVE-2022-2351 | 1 Wpexperts | 1 Post Smtp | 2022-10-05 | N/A | 4.8 MEDIUM |
The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed. | |||||
CVE-2020-35479 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2022-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later. |