Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-2374 | 1 Nsqua | 1 Simply Schedule Appointments | 2022-08-31 | N/A | 4.8 MEDIUM | The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
CVE-2022-37059 | 1 Intelliants | 1 Subrion Cms | 2022-08-31 | N/A | 4.8 MEDIUM | Cross Site Scripting (XSS) in the Admin Panel of Subrion CMS 4.2.1 allows an attacker to inject arbitrary code via the Login field.
CVE-2022-3015 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2022-08-31 | N/A | 6.1 MEDIUM | A vulnerability, which was classified as problematic, has been found in oretnom23 Fast Food Ordering System. This issue affects some unknown processing of the file admin/?page=reports. The manipulation of the argument date leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-207425 was assigned to this vulnerability.
CVE-2022-3014 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2022-08-31 | N/A | 6.1 MEDIUM | A vulnerability classified as problematic was found in SourceCodester Simple Task Managing System. This vulnerability affects unknown code. The manipulation of the argument student_add leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-207424.
CVE-2022-35714 | 1 Ibm | 1 Maximo Asset Management | 2022-08-31 | N/A | 5.4 MEDIUM | IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231116.
CVE-2021-39393 | 1 Mm-wiki Project | 1 Mm-wiki | 2022-08-31 | N/A | 6.1 MEDIUM | mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor.
CVE-2022-37317 | 1 Rsa | 1 Archer | 2022-08-30 | N/A | 5.4 MEDIUM | Archer Platform 6.x before 6.11 P3 contains an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious code in the context of the web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases.
CVE-2021-24884 | 1 Strategy11 | 1 Formidable Form Builder | 2022-08-30 | 6.8 MEDIUM | 9.6 CRITICAL | The Formidable Form Builder WordPress plugin before 4.09.05 allows injection of certain HTML tags such as `<audio>`, `<video>`, `<img>`, `<a>` and `<button>`. This could allow an unauthenticated, remote attacker to exploit an HTML injection by injecting a malicious link. The HTML injection may trick authenticated users into following the link. If the link gets clicked, JavaScript code can be executed. The vulnerability is due to insufficient sanitization of the "data-frmverify" tag for links in the web-based entry inspection page of affected systems. A successful exploitation in combination with CSRF could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These actions include stealing the user's account by changing their password, or allowing attackers to submit their own code through an authenticated user, resulting in Remote Code Execution. If an authenticated user who is able to edit WordPress PHP code in any way clicks the malicious link, PHP code can be edited.
CVE-2022-36548 | 1 Edoc-doctor-appointment-system Project | 1 Edoc-doctor-appointment-system | 2022-08-29 | N/A | 5.4 MEDIUM | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field.
CVE-2022-36547 | 1 Edoc-doctor-appointment-system Project | 1 Edoc-doctor-appointment-system | 2022-08-29 | N/A | 6.1 MEDIUM | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field.
CVE-2022-37318 | 1 Rsa | 1 Archer | 2022-08-29 | N/A | 6.1 MEDIUM | Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contains a reflected XSS vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and executed by the web browser in the context of the vulnerable web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases.
CVE-2022-37244 | 1 Altn | 1 Security Gateway For Email Servers | 2022-08-29 | N/A | 5.4 MEDIUM | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME injection via the currentRequest parameter: after login, a malicious tag can be injected, leading to IFRAME injection.
CVE-2022-37952 | 1 Ge | 1 Workstationst | 2022-08-29 | N/A | 6.1 MEDIUM | A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (before v07.09.15) that could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments, rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater.
CVE-2018-14520 | 1 Getkirby | 1 Kirby | 2022-08-28 | N/A | 5.4 MEDIUM | An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages.
CVE-2022-38080 | 1 Exceedone | 2 Exment, Laravel-admin | 2022-08-28 | N/A | 5.4 MEDIUM | Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script.
CVE-2022-38089 | 1 Exceedone | 2 Exment, Laravel-admin | 2022-08-26 | N/A | 5.4 MEDIUM | Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script.
CVE-2022-36527 | 1 Jflyfox | 1 Jfinal Cms | 2022-08-26 | N/A | 5.4 MEDIUM | Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.
CVE-2022-37162 | 1 Claroline | 1 Claroline | 2022-08-26 | N/A | 5.4 MEDIUM | Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain JavaScript code execution by adding arbitrary JavaScript code in the 'Location' field of a calendar event.
CVE-2022-37161 | 1 Claroline | 1 Claroline | 2022-08-26 | N/A | 6.1 MEDIUM | Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload.
CVE-2022-37160 | 1 Claroline | 1 Claroline | 2022-08-26 | N/A | 5.4 MEDIUM | Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a JavaScript request to the present API, it is possible to trigger the creation of a user with administrative rights by opening an SVG file as an administrator user.
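The two Claroline SVG entries above (CVE-2022-37161 and CVE-2022-37160) share one root cause: an uploaded SVG is stored and later served inline, so any script, event handler or `javascript:` link inside it runs with the session of whoever opens it, which is what lets a JavaScript request to the application's API create a privileged user. The check below is an added example, not Claroline's code and not a reproduction of the reported issue. It scans an uploaded SVG for the constructs that execute or load code (`script`/`foreignObject`-style elements, `on*` handlers, `javascript:`/`vbscript:`/non-raster `data:` URLs, and SMIL animation of `href`) so an upload handler can reject the file before it is ever served. Both sample SVGs are constructed for this example.

```python
"""Reject uploaded SVG files that carry active content.

Added example: not Claroline's code and not a reproduction of the reported
issue. It is a generic pre-storage check an upload handler can run so that an
SVG later served inline cannot execute script in the viewer's session.
"""
import re
import xml.etree.ElementTree as ET
from typing import List

# Elements that execute code or embed an HTML document inside the SVG.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
# SMIL elements that can rewrite an attribute (including href) after load.
SMIL_ELEMENTS = {"set", "animate"}
# Attributes that are dereferenced as URLs, so their scheme matters.
URL_ATTRS = {"href", "src", "xlink:href"}
XLINK_NS = "http://www.w3.org/1999/xlink"
# Raster data: URIs are common in legitimate SVGs and cannot run script.
SAFE_DATA_PREFIXES = ("data:image/png", "data:image/jpeg", "data:image/gif", "data:image/webp")


def _local(name: str) -> str:
    """Strip a Clark-notation namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()


def _attr_name(raw: str) -> str:
    """Normalise attribute names so xlink:href and plain href are both recognised."""
    if raw.startswith("{" + XLINK_NS + "}"):
        return "xlink:" + _local(raw)
    return _local(raw)


def _dangerous_url(value: str) -> bool:
    """True if a URL attribute would execute code or load a nested document.

    Browsers drop leading whitespace and embedded control characters when they
    parse the scheme, so 'java<TAB>script:' still runs; strip those characters
    before comparing, otherwise a tab entity in the upload bypasses the check.
    """
    url = re.sub(r"[\x00-\x20]+", "", value).lower()
    if url.startswith(("javascript:", "vbscript:")):
        return True
    if url.startswith("data:"):
        # data:text/html or data:image/svg+xml can carry script; raster images cannot.
        return not url.startswith(SAFE_DATA_PREFIXES)
    return False


def find_active_content(svg_bytes: bytes) -> List[str]:
    """Return human-readable findings; an empty list means nothing active was found."""
    try:
        # For untrusted input in production prefer defusedxml.ElementTree.fromstring,
        # which additionally blocks entity-expansion attacks; the checks below are unchanged.
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"unparseable XML: {exc}"]

    findings: List[str] = []
    for elem in root.iter():
        tag = _local(elem.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for raw_name, value in elem.attrib.items():
            name = _attr_name(raw_name)
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS and _dangerous_url(value):
                findings.append(f"{name}={value!r} on <{tag}>")
        if tag in SMIL_ELEMENTS and elem.attrib.get("attributeName", "").lower() in ("href", "xlink:href"):
            findings.append(f"<{tag}> animates an href attribute")
    return findings


def is_safe_svg(svg_bytes: bytes) -> bool:
    """Decision an upload handler can act on: store the file, or reject it."""
    return not find_active_content(svg_bytes)


# Constructed sample: an SVG that would run in the viewer's session if served inline.
# The href hides a tab inside the scheme (&#9;) to show why _dangerous_url normalises.
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">
  <script>/* constructed sample; a real payload would call the application's API */</script>
  <a xlink:href="java&#9;script:alert(1)"><text y="20">click</text></a>
</svg>"""

# Constructed sample: an ordinary drawing with an embedded raster image.
CLEAN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <image href="data:image/png;base64,iVBORw0KGgo=" width="10" height="10"/>
  <circle cx="5" cy="5" r="4" fill="red"/>
</svg>"""

if __name__ == "__main__":
    for label, doc in (("malicious", MALICIOUS_SVG), ("clean", CLEAN_SVG)):
        print(label, "->", find_active_content(doc) or "no active content")
```

This is a deny-list check, enough to stop the constructs the entries above describe but not a proof that an SVG is inert. The stronger fix, which also covers the admin-opens-a-file scenario in CVE-2022-37160, is to serve user uploads from a separate origin with `Content-Disposition: attachment` and a Content-Security-Policy that forbids script, or to rewrite the file through an allow-list sanitizer rather than inspecting it.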