Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-38335 | 1 Vtiger | 1 Vtiger Crm | 2022-09-29 | N/A | 5.4 MEDIUM |
Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules. | |||||
CVE-2022-3333 | 1 Zephyr-one | 1 Zephyr Project Manager | 2022-09-29 | N/A | 5.4 MEDIUM |
A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.2.5 is able to address this issue. It is recommended to upgrade the affected component. VDB-209370 is the identifier assigned to this vulnerability. | |||||
CVE-2022-3123 | 2 Dokuwiki, Fedoraproject | 2 Dokuwiki, Fedora | 2022-09-29 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a. | |||||
CVE-2022-25604 | 1 Price Table Project | 1 Price Table | 2022-09-29 | 3.5 LOW | 5.4 MEDIUM |
Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2). | |||||
CVE-2021-34562 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as-z2-eth, Wha-gw-f2d2-0-as-z2-eth.eip, Wha-gw-f2d2-0-as-z2-eth.eip Firmware and 1 more | 2022-09-29 | 4.3 MEDIUM | 6.1 MEDIUM |
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response. | |||||
CVE-2022-38975 | 1 Ec-cube | 1 Ec-cube | 2022-09-29 | N/A | 5.4 MEDIUM |
DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary script by having an administrative user of the product visit a specially crafted page. | |||||
CVE-2022-39053 | 1 Heimavista | 1 Dark Horse Rpage | 2022-09-28 | N/A | 6.1 MEDIUM |
Heimavista Rpage has insufficient filtering for platform web URL. An unauthenticated remote attacker can inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack. | |||||
CVE-2022-39054 | 1 Cowell Enterprise Travel Management System Project | 1 Cowell Enterprise Travel Management System | 2022-09-28 | N/A | 6.1 MEDIUM |
Cowell enterprise travel management system has insufficient filtering for special characters within web URL. An unauthenticated remote attacker can inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack. | |||||
CVE-2020-25626 | 3 Debian, Encode, Redhat | 3 Debian Linux, Django Rest Framework, Ceph Storage | 2022-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability. | |||||
CVE-2020-4757 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2022-09-28 | 3.5 LOW | 6.4 MEDIUM |
IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188600. | |||||
CVE-2022-22387 | 1 Ibm | 1 Application Gateway | 2022-09-28 | N/A | 5.4 MEDIUM |
IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221965. | |||||
CVE-2022-35722 | 1 Ibm | 1 Jazz For Service Management | 2022-09-28 | N/A | 5.4 MEDIUM |
IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231381. | |||||
CVE-2022-40044 | 1 Centreon | 1 Centreon | 2022-09-28 | N/A | 5.4 MEDIUM |
Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. This vulnerability allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. | |||||
CVE-2021-38138 | 1 Onenav | 1 Onenav | 2022-09-28 | 3.5 LOW | 5.4 MEDIUM |
OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release. | |||||
CVE-2022-38553 | 1 Creativeitem | 1 Academy Learning Management System | 2022-09-28 | N/A | 6.1 MEDIUM |
Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter. | |||||
CVE-2022-30003 | 1 Online Market Place Site Project | 1 Online Market Place Site | 2022-09-28 | N/A | 5.4 MEDIUM |
Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Site Scripting (XSS), allowing attackers to register as a Seller then create new products containing XSS payloads in the 'Product Title' and 'Short Description' fields. | |||||
CVE-2022-1755 | 1 Svg Support Wordpress | 1 Svg Support | 2022-09-28 | N/A | 5.4 MEDIUM |
The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via a URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks. | |||||
CVE-2022-3025 | 1 Bitcoin/altcoin Faucet Project | 1 Bitcoin/altcoin Faucet | 2022-09-28 | N/A | 5.4 MEDIUM |
The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not have any CSRF check when saving its settings, allowing an attacker to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues. | |||||
CVE-2022-23461 | 1 Xdsoft | 1 Jodit Editor | 2022-09-27 | N/A | 6.1 MEDIUM |
Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds. | |||||
CVE-2020-8189 | 1 Nextcloud | 1 Desktop | 2022-09-27 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed presenting any HTML (including local links) when responding with invalid data on the login attempt. |