Total: 21765 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-3138 | 1 Diagrams | 1 Drawio | 2022-09-09 | N/A | 6.1 MEDIUM | Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0.
CVE-2022-3148 | 1 Diagrams | 1 Drawio | 2022-09-09 | N/A | 6.1 MEDIUM | Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0.
CVE-2022-31792 | 1 Watchguard | 1 Fireware | 2022-09-09 | N/A | 5.4 MEDIUM | A stored cross-site scripting (XSS) vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. A remote attacker can potentially execute arbitrary JavaScript code in the management web interface by sending crafted requests to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.
CVE-2022-39824 | 1 Appsmith | 1 Appsmith | 2022-09-09 | N/A | 8.9 HIGH | Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak.
CVE-2022-36057 | 1 Discourse | 1 Discourse-chat | 2022-09-09 | N/A | 4.8 MEDIUM | Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue.
CVE-2022-38247 | 1 Nagios | 1 Nagios Xi | 2022-09-09 | N/A | 4.8 MEDIUM | Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Settings page under the Admin panel.
CVE-2022-38248 | 1 Nagios | 1 Nagios Xi | 2022-09-09 | N/A | 6.1 MEDIUM | Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php.
CVE-2022-38249 | 1 Nagios | 1 Nagios Xi | 2022-09-09 | N/A | 6.1 MEDIUM | Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4.
CVE-2022-38254 | 1 Nagios | 1 Nagios Xi | 2022-09-09 | N/A | 6.1 MEDIUM | Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
CVE-2022-38251 | 1 Nagios | 1 Nagios Xi | 2022-09-09 | N/A | 4.8 MEDIUM | Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel.
CVE-2022-1628 | 1 Coleds | 1 Simple Seo | 2022-09-08 | N/A | 5.4 MEDIUM | The Simple SEO plugin for WordPress is vulnerable to attribute-based stored Cross-Site Scripting in versions up to, and including, 1.7.91, due to insufficient sanitization or escaping on the SEO social and standard title parameters. This can be exploited by authenticated users with Contributor and above permissions to inject arbitrary web scripts into posts/pages that execute whenever an administrator accesses the page.
CVE-2021-36829 | 1 Mythemeshop | 1 Launcher | 2022-09-08 | N/A | 4.8 MEDIUM | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop Launcher: Coming Soon & Maintenance Mode plugin <= 1.0.11 at WordPress.
CVE-2022-34656 | 1 Wpdevart | 1 Poll, Survey, Questionnaire And Voting System | 2022-09-08 | N/A | 4.8 MEDIUM | Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability in wpdevart Poll, Survey, Questionnaire and Voting system plugin <= 1.7.4 at WordPress.
CVE-2022-37253 | 1 Crime Reporting System Project | 1 Crime Reporting System | 2022-09-08 | N/A | 5.4 MEDIUM | Persistent cross-site scripting (XSS) in Crime Reporting System 1.0 allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized POST parameter.
CVE-2022-39050 | 1 Otrs | 1 Otrs | 2022-09-08 | N/A | 4.8 MEDIUM | An attacker who is logged into OTRS as an admin user may manipulate the customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. The stored JavaScript is then executed in the context of OTRS. The same issue applies to the usage of external data sources, e.g. database or LDAP.
CVE-2021-43080 | 1 Fortinet | 1 Fortios | 2022-09-08 | N/A | 5.4 MEDIUM | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross-site scripting (XSS) attack through the URI parameter via the Threat Feed IP address section of the Security Fabric External connectors.
CVE-2022-39049 | 1 Otrs | 1 Otrs | 2022-09-08 | N/A | 4.8 MEDIUM | An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS.
CVE-2022-26114 | 1 Fortinet | 1 Fortimail | 2022-09-08 | N/A | 6.1 MEDIUM | An improper neutralization of input during web page generation vulnerability [CWE-79] in the Webmail of FortiMail before 7.2.0 may allow an unauthenticated attacker to trigger a cross-site scripting (XSS) attack via sending specially crafted mail messages.
CVE-2022-2271 | 1 Wpseeds | 1 Wp Database Backup | 2022-09-08 | N/A | 4.8 MEDIUM | The WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in a multisite setup).
CVE-2022-25370 | 1 Apache | 1 Ofbiz | 2022-09-07 | N/A | 5.4 MEDIUM | Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS.
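Most of the stored-XSS entries above share one root cause: a value written by a privileged user (a plugin setting, a title, a link field) is rendered back into HTML without escaping that matches the output context. Two of the entries name the specific context: CVE-2022-1628 is attribute-based (escaping `<` and `>` alone does nothing when the value sits inside `value="..."`), and CVE-2022-39050 is a stored link field that runs script when clicked. The JavaScript below is an added example written for this page, not code from any of the listed projects or from the CVE records. It renders a hypothetical `seo_title` setting with body-only escaping beside a context-correct version, and a hypothetical customer URL with attribute escaping alone beside a version that also allowlists the scheme. All function and field names are invented, and the assumption that the OTRS link field carried a script-scheme URL is this example's, not a statement from the CVE text.

```javascript
// Added example (not from any project listed above): two output-encoding
// defects behind many of the stored-XSS entries, each in a deliberately
// vulnerable form beside a hardened form. All names are hypothetical.

// Body-only escaping: enough for text between tags, not for a quoted
// attribute value, where a raw double quote ends the value.
function escapeHtmlBodyOnly(s) {
  return String(s).replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Escaping that is also safe inside a double- or single-quoted attribute.
function escapeHtml(s) {
  return escapeHtmlBodyOnly(s).replace(/"/g, "&quot;").replace(/'/g, "&#39;");
}

// A stored "title" setting re-displayed in an admin form (the pattern in the
// WordPress plugin entries). Vulnerable: body-only escaping lets the stored
// value close value="..." and append an event-handler attribute.
function renderTitleInputVulnerable(storedTitle) {
  return `<input type="text" name="seo_title" value="${escapeHtmlBodyOnly(storedTitle)}">`;
}

function renderTitleInputHardened(storedTitle) {
  return `<input type="text" name="seo_title" value="${escapeHtml(storedTitle)}">`;
}

// Structural check: list the attribute names of the first tag, honouring
// quotes the way an HTML tokenizer does (character references such as
// &quot; are data, not delimiters). An injected "onmouseover" shows up here.
function tagAttributeNames(html) {
  const names = [];
  let i = html.indexOf("<");
  if (i < 0) return names;
  i++;
  while (i < html.length && /[A-Za-z0-9]/.test(html[i])) i++; // skip tag name
  while (i < html.length && html[i] !== ">") {
    while (i < html.length && /\s/.test(html[i])) i++;
    if (html[i] === ">" || html[i] === "/") break;
    let name = "";
    while (i < html.length && !/[\s=>\/]/.test(html[i])) name += html[i++];
    if (name) names.push(name.toLowerCase());
    while (i < html.length && /\s/.test(html[i])) i++;
    if (html[i] === "=") {
      i++;
      while (i < html.length && /\s/.test(html[i])) i++;
      const q = html[i];
      if (q === '"' || q === "'") {
        i++;
        while (i < html.length && html[i] !== q) i++; // quoted value
        i++; // closing quote
      } else {
        while (i < html.length && !/[\s>]/.test(html[i])) i++; // unquoted value
      }
    }
  }
  return names;
}

// A stored link field (the pattern in the OTRS "customer URL" entry; that the
// stored value is a script-scheme URL is an assumption of this example).
// Attribute escaping is correct in both versions, but it does not stop
// "javascript:" as an href; only a scheme allowlist does.
function safeHref(stored) {
  let u;
  try {
    u = new URL(String(stored)); // WHATWG parser: trims whitespace, lowercases the scheme
  } catch (e) {
    return null; // relative or malformed: do not turn it into a link
  }
  return u.protocol === "http:" || u.protocol === "https:" ? u.href : null;
}

function renderCustomerLinkVulnerable(storedUrl) {
  return `<a href="${escapeHtml(storedUrl)}">${escapeHtml(storedUrl)}</a>`;
}

function renderCustomerLinkHardened(storedUrl) {
  const href = safeHref(storedUrl);
  if (href === null) return `<span>${escapeHtml(storedUrl)}</span>`; // inert text
  return `<a href="${escapeHtml(href)}">${escapeHtml(storedUrl)}</a>`;
}

// Constructed payloads for a stand-alone run.
const titlePayload = '" onmouseover="alert(1)" x="';
const urlPayload = "javascript:alert(document.cookie)";
console.log(tagAttributeNames(renderTitleInputVulnerable(titlePayload)).join(" "));
console.log(tagAttributeNames(renderTitleInputHardened(titlePayload)).join(" "));
console.log(renderCustomerLinkVulnerable(urlPayload));
console.log(renderCustomerLinkHardened(urlPayload));
```

Run with `node` to see the vulnerable title render carry an extra `onmouseover` attribute while the hardened one keeps only `type name value`, and the vulnerable link render emit a clickable `javascript:` href that the hardened version downgrades to plain text. The attribute check deliberately does not decode entities, because a browser treats `&quot;` inside an attribute as data, which is exactly why attribute-context escaping works.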