Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2019-10219 | 3 Netapp, Oracle, Redhat | 195 Active Iq Unified Manager, Element, Management Services For Element Software And Netapp Hci and 192 more | 2022-09-12 | 4.3 MEDIUM | 6.1 MEDIUM | A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
CVE-2020-9281 | 4 Ckeditor, Drupal, Fedoraproject and 1 more | 11 Ckeditor, Drupal, Fedora and 8 more | 2022-09-12 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
CVE-2021-35043 | 3 Antisamy Project, Netapp, Oracle | 10 Antisamy, Active Iq Unified Manager, Banking Enterprise Default Management and 7 more | 2022-09-12 | 4.3 MEDIUM | 6.1 MEDIUM | OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with : as the replacement for the : character.
CVE-2022-2430 | 1 Visualcomposer | 1 Visual Composer Website Builder | 2022-09-12 | N/A | 5.4 MEDIUM | The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Block' feature in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Visual Composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2022-35275 | 1 Algolplus | 1 Advanced Order Export | 2022-09-09 | N/A | 4.8 MEDIUM | Authenticated (shop manager+) Reflected Cross-Site Scripting (XSS) vulnerability in AlgolPlus Advanced Order Export For WooCommerce plugin <= 3.3.1 at WordPress.
CVE-2022-35725 | 1 Wp-forecast Project | 1 Wp-forecast | 2022-09-09 | N/A | 4.8 MEDIUM | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hans Matzen's wp-forecast plugin <= 7.5 at WordPress.
CVE-2022-36356 | 1 Culture Object Project | 1 Culture Object | 2022-09-09 | N/A | 4.8 MEDIUM | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy / Thirty8 Digital Culture Object plugin <= 4.0.1 at WordPress.
CVE-2022-37335 | 1 Webhelpagency | 1 Word Search Puzzles | 2022-09-09 | N/A | 4.8 MEDIUM | Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in WHA's Word Search Puzzles game plugin <= 2.0.1 at WordPress.
CVE-2022-37403 | 1 Add User Role Project | 1 Add User Role | 2022-09-09 | N/A | 4.8 MEDIUM | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nikhil Vaghela's Add User Role plugin <= 0.0.1 at WordPress.
CVE-2022-37404 | 1 Add2fav Project | 1 Add2fav | 2022-09-09 | N/A | 4.8 MEDIUM | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christian Salazar's add2fav plugin <= 1.0 at WordPress.
CVE-2022-37407 | 1 Wpchill | 1 Gallery Photoblocks | 2022-09-09 | N/A | 5.4 MEDIUM | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress.
CVE-2022-37412 | 1 Better Delete Revision Project | 1 Better Delete Revision | 2022-09-09 | N/A | 4.8 MEDIUM | Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Galerio & Urda's Better Delete Revision plugin <= 1.6.1 at WordPress.
CVE-2022-38068 | 1 Apasionados | 1 Export Post Info | 2022-09-09 | N/A | 4.8 MEDIUM | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apasionados Export Post Info plugin <= 1.1.0 at WordPress.
CVE-2022-40191 | 1 Contact Form By Mega Forms Project | 1 Contact Form By Mega Forms | 2022-09-09 | N/A | 5.4 MEDIUM | Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad's Contact Form By Mega Forms plugin <= 1.2.4 at WordPress.
CVE-2022-2473 | 1 Wp-useronline Project | 1 Wp-useronline | 2022-09-09 | N/A | 4.8 MEDIUM | The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'templates[browsingpage][text]' parameter in versions up to, and including, 2.87.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative capabilities and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html is disabled.
CVE-2022-2515 | 1 Simple Banner Project | 1 Simple Banner | 2022-09-09 | N/A | 5.4 MEDIUM | The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `pro_version_activation_code` parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, including those without administrative capabilities when access is granted to those users, to inject arbitrary web scripts in pages that will execute whenever a user role having access to "Simple Banner" accesses the plugin's settings.
CVE-2021-39205 | 1 8x8 | 1 Jitsi Meet | 2022-09-09 | 4.3 MEDIUM | 6.1 MEDIUM | Jitsi Meet is an open source video conferencing application. Versions prior to 2.0.6173 are vulnerable to client-side cross-site scripting via injecting properties into JSON objects that were not properly escaped. There are no known incidents related to this vulnerability being exploited in the wild. This issue is fixed in Jitsi Meet version 2.0.6173. There are no known workarounds aside from upgrading.
CVE-2021-34590 | 1 Bender | 4 Cc612, Cc612 Firmware, Cc613 and 1 more | 2022-09-09 | 3.5 LOW | 5.4 MEDIUM | Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML code into configuration values. These values are not properly escaped when displayed.
CVE-2022-21702 | 3 Fedoraproject, Grafana, Netapp | 3 Fedora, Grafana, E-series Performance Analyzer | 2022-09-09 | 2.1 LOW | 5.4 MEDIUM | Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content through the Grafana datasource or plugin proxy, trick a user into visiting this HTML page using a specially crafted link, and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or set up their own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: a Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of the above datasource, and a specially crafted link pointing at the attacker-controlled data source must be clicked on by an authenticated user. For the plugin proxy: a Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of the above app, and a specially crafted link pointing at the attacker-controlled plugin must be clicked on by an authenticated user. For the backend plugin resource: an attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability.
CVE-2020-19914 | 1 Xiuno | 1 Xiunobbs | 2022-09-09 | N/A | 6.1 MEDIUM | Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers to execute arbitrary web script or HTML via the attachment upload function.