Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2737 | 1 Wp-staging | 1 Wp Staging | 2022-09-16 | N/A | 4.8 MEDIUM |
The WP STAGING WordPress plugin before 2.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2022-36533 | 2 Linux, Syncovery | 2 Linux Kernel, Syncovery | 2022-09-16 | N/A | 5.4 MEDIUM |
Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain a cross-site scripting (XSS) vulnerability. | |||||
CVE-2022-37250 | 1 Craftcms | 1 Craft Cms | 2022-09-16 | N/A | 5.4 MEDIUM |
Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount. | |||||
CVE-2020-19587 | 1 Idera | 1 Yellowfin Business Intelligence | 2022-09-16 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI. | |||||
CVE-2022-31861 | 1 Thingsboard | 1 Thingsboard | 2022-09-16 | N/A | 5.4 MEDIUM |
Cross site Scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sent to the audit logs. | |||||
CVE-2020-19586 | 1 Yellowfinbi | 1 Business Intelligence | 2022-09-16 | N/A | 9.0 CRITICAL |
Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI. | |||||
CVE-2022-40365 | 1 Gocron Project | 1 Gocron | 2022-09-16 | N/A | 6.1 MEDIUM |
Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5.3, allows attackers to execute arbitrary code via scope.row.hostname in web/vue/src/pages/taskLog/list.vue. | |||||
CVE-2022-36108 | 1 Typo3 | 1 Typo3 | 2022-09-16 | N/A | 6.1 MEDIUM |
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16, which fix the problem. There are no known workarounds for this issue. | |||||
CVE-2022-36107 | 1 Typo3 | 1 Typo3 | 2022-09-16 | N/A | 5.4 MEDIUM |
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16, which fix the problem. There are no known workarounds for this issue. | |||||
CVE-2022-37137 | 1 Techvill | 1 Paymoney | 2022-09-15 | N/A | 5.4 MEDIUM |
PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) when replying to a ticket. The XSS can be obtained by injecting a specially crafted payload into the "Message" field with the "description" parameter to gain Stored XSS. The XSS will then prompt after that or can be accessed from the view ticket function. | |||||
CVE-2022-37139 | 1 Loan Management System Project | 1 Loan Management System | 2022-09-15 | N/A | 5.4 MEDIUM |
Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability. | |||||
CVE-2022-36668 | 1 Garage Management System Project | 1 Garage Management System | 2022-09-15 | N/A | 5.4 MEDIUM |
Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. The vulnerabilities exist when creating or editing the parts under parameters. Using the XSS payload, the Stored XSS is triggered and can be used as a further attack vector. | |||||
CVE-2022-34336 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2022-09-15 | N/A | 5.4 MEDIUM |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229714. | |||||
CVE-2022-36020 | 1 Typo3 | 1 Html Sanitizer | 2022-09-15 | N/A | 6.1 MEDIUM |
The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package `masterminds/html5`, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows for a bypass of the cross-site scripting mechanism of `typo3/html-sanitizer`. This issue has been addressed in versions 1.0.7 and 2.0.16 of the `typo3/html-sanitizer` package. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
CVE-2022-36778 | 1 Synel | 1 Eharmony | 2022-09-15 | N/A | 5.4 MEDIUM |
Insert HTML / JS code inside an input. How to get to the vulnerable input: Workers > worker nickname > inject the code in this input. | |||||
CVE-2010-2179 | 3 Adobe, Google, Mozilla | 4 Air, Flash Player, Chrome and 1 more | 2022-09-15 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing. | |||||
CVE-2022-38295 | 1 Cuppacms | 1 Cuppacms | 2022-09-14 | N/A | 6.1 MEDIUM |
Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function. | |||||
CVE-2022-38291 | 1 Slims | 1 Senayan Library Management System | 2022-09-14 | N/A | 6.1 MEDIUM |
SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar. | |||||
CVE-2022-36254 | 1 Hotel Management System Project | 1 Hotel Management System | 2022-09-14 | N/A | 5.4 MEDIUM |
Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname". | |||||
CVE-2022-38972 | 1 Ark-web | 1 A-form | 2022-09-14 | N/A | 6.1 MEDIUM |
Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for Movable Type 7 Series) and versions prior to 3.9.1 (for Movable Type 6 Series) allows a remote unauthenticated attacker to inject an arbitrary script. |