Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-28114 | 1 Froala | 1 Froala Editor | 2022-09-23 | 3.5 LOW | 5.4 MEDIUM |
Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing. | |||||
CVE-2020-20977 | 1 Ukcms | 1 Ukcms | 2022-09-23 | 3.5 LOW | 5.4 MEDIUM |
A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section. | |||||
CVE-2022-28982 | 1 Liferay | 2 Dxp, Liferay Portal | 2022-09-23 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a tag. | |||||
CVE-2022-3255 | 1 Pimcore | 1 Pimcore | 2022-09-23 | N/A | 4.8 MEDIUM |
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user. | |||||
CVE-2022-38073 | 1 Getawesomesupport | 1 Awesome Support | 2022-09-22 | N/A | 5.4 MEDIUM |
Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerabilities in Awesome Support plugin <= 6.0.7 at WordPress. | |||||
CVE-2022-36390 | 1 Total-soft | 1 Event Calendar | 2022-09-22 | N/A | 5.4 MEDIUM |
Authenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress. | |||||
CVE-2022-2266 | 1 Yordam | 1 Library Automation System | 2022-09-22 | N/A | 6.1 MEDIUM |
University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. This has been fixed in version 19.2. | |||||
CVE-2022-39197 | 1 Helpsystems | 1 Cobalt Strike | 2022-09-22 | N/A | 6.1 MEDIUM |
An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed). | |||||
CVE-2022-30577 | 1 Tibco | 1 Ebx | 2022-09-22 | N/A | 9.0 CRITICAL |
The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 6.0.0 through 6.0.8. | |||||
CVE-2022-37246 | 1 Craftcms | 1 Craft Cms | 2022-09-22 | N/A | 5.4 MEDIUM |
Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js, specifically on the line label: elementInfo.label. | |||||
CVE-2022-40027 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2022-09-22 | N/A | 6.1 MEDIUM |
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter. | |||||
CVE-2022-40028 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2022-09-22 | N/A | 4.8 MEDIUM |
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullName parameter. | |||||
CVE-2022-40029 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2022-09-22 | N/A | 4.8 MEDIUM |
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter. | |||||
CVE-2022-41239 | 1 Jenkins | 1 Dotci | 2022-09-22 | N/A | 5.4 MEDIUM |
Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. | |||||
CVE-2022-41240 | 1 Jenkins | 1 Walti | 2022-09-22 | N/A | 5.4 MEDIUM |
Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide malicious API responses from Walti. | |||||
CVE-2022-41224 | 1 Jenkins | 1 Jenkins | 2022-09-22 | N/A | 5.4 MEDIUM |
Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component. | |||||
CVE-2022-41225 | 1 Jenkins | 1 Anchore Container Image Scanner | 2022-09-22 | N/A | 5.4 MEDIUM |
Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine. | |||||
CVE-2022-41229 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2022-09-22 | N/A | 5.4 MEDIUM |
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-39220 | 1 Sftpgo Project | 1 Sftpgo | 2022-09-22 | N/A | 6.1 MEDIUM |
SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to Cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known workarounds exist. | |||||
CVE-2022-38550 | 1 Jeesns | 1 Jeesns | 2022-09-22 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the /weibo/list component of Jeesns v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |