Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-1456 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2022-09-02 | 3.5 LOW | 5.4 MEDIUM |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1450, CVE-2020-1451. | |||||
CVE-2020-13596 | 6 Canonical, Debian, Djangoproject and 3 more | 7 Ubuntu Linux, Debian Linux, Django and 4 more | 2022-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack. | |||||
CVE-2021-3914 | 1 Redhat | 3 Build Of Quarkus, Openshift Application Runtimes, Smallrye Health | 2022-09-02 | N/A | 6.1 MEDIUM |
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks. | |||||
CVE-2022-23675 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-09-01 | 3.5 LOW | 4.8 MEDIUM |
A remote authenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
CVE-2022-23674 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-09-01 | 3.5 LOW | 5.4 MEDIUM |
A remote authenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
CVE-2022-27546 | 1 Hcltech | 2 Domino, Hcl Inotes | 2022-09-01 | N/A | 6.1 MEDIUM |
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials. | |||||
CVE-2022-25646 | 1 X-data-spreadsheet Project | 1 X-data-spreadsheet | 2022-09-01 | N/A | 6.1 MEDIUM |
All versions of package x-data-spreadsheet are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of values inserted into the cells. | |||||
CVE-2022-36194 | 1 Centreon | 1 Centreon | 2022-09-01 | N/A | 5.4 MEDIUM |
Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter. | |||||
CVE-2022-0225 | 1 Redhat | 2 Keycloak, Single Sign-on | 2022-09-01 | N/A | 5.4 MEDIUM |
A flaw was found in Keycloak. This flaw allows a privileged attacker to use a malicious payload as the group name while creating a new group from the admin console, leading to a stored cross-site scripting (XSS) attack. | |||||
CVE-2022-1494 | 1 Google | 1 Chrome | 2022-09-01 | N/A | 6.1 MEDIUM |
Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page. | |||||
CVE-2022-1492 | 1 Google | 1 Chrome | 2022-09-01 | N/A | 6.1 MEDIUM |
Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page. | |||||
CVE-2022-36573 | 1 Pagekit | 1 Pagekit | 2022-09-01 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit. | |||||
CVE-2022-36748 | 1 Picuploader Project | 1 Picuploader | 2022-09-01 | N/A | 6.1 MEDIUM |
PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /master/index.php. | |||||
CVE-2022-36746 | 1 Librenms | 1 Librenms | 2022-09-01 | N/A | 6.1 MEDIUM |
LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php. | |||||
CVE-2022-36745 | 1 Librenms | 1 Librenms | 2022-09-01 | N/A | 6.1 MEDIUM |
LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component print-customoid.php. | |||||
CVE-2022-36657 | 1 Library Management System Project | 1 Library Management System | 2022-08-31 | N/A | 4.8 MEDIUM |
Library Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /librarian/edit_book_details.php. | |||||
CVE-2022-2599 | 1 Anti-malware Security And Brute-force Firewall Project | 1 Anti-malware Security And Brute-force Firewall | 2022-08-31 | N/A | 6.1 MEDIUM |
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting. | |||||
CVE-2022-3035 | 1 Snipeitapp | 1 Snipe-it | 2022-08-31 | N/A | 4.8 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11. | |||||
CVE-2022-2538 | 1 Nsp-code | 1 Wp Hide & Security Enhancer | 2022-08-31 | N/A | 6.1 MEDIUM |
The WP Hide & Security Enhancer WordPress plugin before 1.8 does not escape a parameter before outputting it back in an attribute of a backend page, leading to Reflected Cross-Site Scripting. | |||||
CVE-2022-2537 | 1 Wpovernight | 1 Woocommerce Pdf Invoices & Packing Slips | 2022-08-31 | N/A | 6.1 MEDIUM |
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in attributes of an admin page, leading to Reflected Cross-Site Scripting. |