Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-38545 | 1 Valine.js | 1 Valine | 2022-09-22 | N/A | 9.6 CRITICAL |
Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request. | |||||
CVE-2022-38527 | 1 Ucms Project | 1 Ucms | 2022-09-22 | N/A | 6.1 MEDIUM |
UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page. | |||||
CVE-2022-3245 | 1 Microweber | 1 Microweber | 2022-09-21 | N/A | 6.1 MEDIUM |
HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input. | |||||
CVE-2006-3918 | 4 Apache, Canonical, Debian and 1 more | 5 Http Server, Ubuntu Linux, Debian Linux and 2 more | 2022-09-21 | 4.3 MEDIUM | N/A |
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file. | |||||
CVE-2022-32167 | 1 Cloudreve | 1 Cloudreve | 2022-09-21 | N/A | 5.4 MEDIUM |
Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting (XSS), via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation. | |||||
CVE-2008-0005 | 3 Apache, Canonical, Fedoraproject | 3 Http Server, Ubuntu Linux, Fedora | 2022-09-21 | 4.3 MEDIUM | N/A |
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding. | |||||
CVE-2008-0455 | 2 Apache, Redhat | 6 Http Server, Enterprise Linux, Enterprise Linux Desktop and 3 more | 2022-09-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file. | |||||
CVE-2017-9338 | 1 Owncloud | 1 Owncloud | 2022-09-21 | 3.5 LOW | 5.4 MEDIUM |
Inadequate escaping leads to an XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2. To be exploitable, a user has to write or paste malicious content into the search dialogue. | |||||
CVE-2022-3242 | 1 Microweber | 1 Microweber | 2022-09-21 | N/A | 6.1 MEDIUM |
Code Injection in GitHub repository microweber/microweber prior to 1.3.2. | |||||
CVE-2022-3000 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2022-09-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | |||||
CVE-2022-2924 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2022-09-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3. | |||||
CVE-2022-3004 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2022-09-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | |||||
CVE-2022-3005 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2022-09-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | |||||
CVE-2022-23766 | 2 Bigfile, Microsoft | 2 Bigfileagent, Windows | 2022-09-21 | N/A | 8.8 HIGH |
An improper input validation vulnerability leading to arbitrary file execution was discovered in BigFileAgent. In order to cause arbitrary files to be executed, the attacker makes the victim access a web page d by them or inserts a script using XSS into a general website. | |||||
CVE-2022-40714 | 1 Nokia | 1 1350 Optical Management System | 2022-09-21 | N/A | 6.1 MEDIUM |
An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/* endpoints. | |||||
CVE-2022-40712 | 1 Nokia | 1 1350 Optical Management System | 2022-09-21 | N/A | 6.1 MEDIUM |
An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2* endpoints. | |||||
CVE-2022-35194 | 1 Testlink | 1 Testlink | 2022-09-21 | N/A | 5.4 MEDIUM |
TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php. | |||||
CVE-2022-37247 | 1 Craftcms | 1 Craft Cms | 2022-09-21 | N/A | 5.4 MEDIUM |
Craft CMS 4.2.0.1 is vulnerable to stored cross-site scripting (XSS) via the /admin/settings/fields page. | |||||
CVE-2022-37251 | 1 Craftcms | 1 Craft Cms | 2022-09-21 | N/A | 5.4 MEDIUM |
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts. | |||||
CVE-2020-25491 | 1 6kare | 1 Emakin | 2022-09-21 | N/A | 6.1 MEDIUM |
6Kare Emakin 5.0.341.0 is affected by Cross Site Scripting (XSS) via the /rpc/membership/setProfile DisplayName field, which is mishandled when rendering the Activity Stream page. |