Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42597 | 1 Storage Unit Rental Management System Project | 1 Storage Unit Rental Management System | 2022-09-20 | N/A | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Storage Unit Rental Management System PHP 8.0.10 , Apache 2.4.14, SURMS V 1.0 via the Add New Tenant List Rent List form. | |||||
| CVE-2021-41731 | 1 News247 News Magazine \(cms\) Project | 1 News247 News Magazine \(cms\) | 2022-09-20 | N/A | 4.8 MEDIUM |
| Cross Site Scripting (XSS vulnerability exists in )Sourcecodester News247 News Magazine (CMS) PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field | |||||
| CVE-2022-3223 | 1 Diagrams | 1 Drawio | 2022-09-20 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.3.1. | |||||
| CVE-2022-2887 | 1 Acnam | 1 Wp Server Health Stats | 2022-09-20 | N/A | 4.8 MEDIUM |
| The WP Server Health Stats WordPress plugin before 1.7.0 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-2635 | 1 Autoptimize | 1 Autoptimize | 2022-09-20 | N/A | 4.8 MEDIUM |
| The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-2654 | 1 Radiustheme | 5 Classified Listing - Classified Ads \& Business Directory, Classified Listing Pro - Classified Ads \& Business Directory, Classified Listing Store \& Membership and 2 more | 2022-09-20 | N/A | 6.1 MEDIUM |
| The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting | |||||
| CVE-2022-2575 | 1 Woobewoo | 1 Wbw Currency Switcher For Woocommerce | 2022-09-20 | N/A | 4.8 MEDIUM |
| The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2021-25049 | 1 Mobileeventsmanager | 1 Mobile Events Manager | 2022-09-20 | 3.5 LOW | 4.8 MEDIUM |
| The Mobile Events Manager WordPress plugin before 1.4.4 does not sanitise and escape various of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-2799 | 1 Wpaffiliatemanager | 1 Affiliates Manager | 2022-09-20 | N/A | 4.8 MEDIUM |
| The Affiliates Manager WordPress plugin before 2.9.14 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-2669 | 1 Wp Taxonomy Import Project | 1 Wp Taxonomy Import | 2022-09-20 | N/A | 6.1 MEDIUM |
| The WP Taxonomy Import WordPress plugin through 1.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-2655 | 1 Radiustheme | 1 Classified Listing Pro - Classified Ads \& Business Directory | 2022-09-20 | N/A | 6.1 MEDIUM |
| The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-27561 | 1 Hcltech | 1 Traveler | 2022-09-19 | N/A | 4.8 MEDIUM |
| There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf). | |||||
| CVE-2022-38814 | 1 Fiberhome | 2 An5506-02-b, An5506-02-b Firmware | 2022-09-19 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the auth_settings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfg_loid text field. | |||||
| CVE-2022-37724 | 1 Apple | 1 Webobjects | 2022-09-19 | N/A | 6.1 MEDIUM |
| Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces. | |||||
| CVE-2022-35945 | 1 Glpi-project | 1 Glpi | 2022-09-19 | N/A | 6.1 MEDIUM |
| GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Information associated to registration key are not properly escaped in registration key configuration page. They can be used to steal a GLPI administrator cookie. Users are advised to upgrade to 10.0.3. There are no known workarounds for this issue. ### Workarounds Do not use a registration key created by an untrusted person. | |||||
| CVE-2022-31187 | 1 Glpi-project | 1 Glpi | 2022-09-19 | N/A | 5.4 MEDIUM |
| GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions were found to not properly neutralize HTML tags in the global search context. Users are advised to upgrade to version 10.0.3 to resolve this issue. Users unable to upgrade should disable global search. | |||||
| CVE-2022-3211 | 1 Pimcore | 1 Pimcore | 2022-09-18 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6. | |||||
| CVE-2022-29649 | 1 Qsmart Next Project | 1 Qsmart Next | 2022-09-18 | N/A | 6.1 MEDIUM |
| Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2021-44076 | 1 Crushftp | 1 Crushftp | 2022-09-16 | N/A | 4.8 MEDIUM |
| An issue was discovered in CrushFTP 9. The creation of a new user through the /WebInterface/UserManager/ interface allows an attacker, with access to the administration panel, to perform Stored Cross-Site Scripting (XSS). The payload can be executed in multiple scenarios, for example when the user's page appears in the Most Visited section of the page. | |||||
| CVE-2022-37248 | 1 Craftcms | 1 Craft Cms | 2022-09-16 | N/A | 5.4 MEDIUM |
| Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php. | |||||