Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-36857 | 1 Wpshopmart | 1 Testimonial Builder | 2022-08-23 | N/A | 5.4 MEDIUM |
Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at WordPress. | |||||
CVE-2022-2890 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2022-08-23 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | |||||
CVE-2022-2932 | 1 Bdg | 1 Mobiledoc Kit | 2022-08-23 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository bustle/mobiledoc-kit prior to 0.14.2. | |||||
CVE-2021-36847 | 1 Webba-booking | 1 Webba Booking | 2022-08-23 | N/A | 4.8 MEDIUM |
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba Booking plugin <= 4.2.21 at WordPress. | |||||
CVE-2022-0446 | 1 Simple Banner Project | 1 Simple Banner | 2022-08-23 | N/A | 4.8 MEDIUM |
The Simple Banner WordPress plugin before 2.12.0 does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
CVE-2022-1340 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2022-08-23 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | |||||
CVE-2022-34857 | 1 Smartypantsplugins | 1 Sp Project & Document Manager | 2022-08-23 | N/A | 6.1 MEDIUM |
Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress | |||||
CVE-2022-35654 | 1 Pega | 1 Pega Platform | 2022-08-23 | N/A | 6.1 MEDIUM |
Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. | |||||
CVE-2022-36251 | 1 Clinic's Patient Management System Project | 1 Clinic's Patient Management System | 2022-08-23 | N/A | 6.1 MEDIUM |
Clinic's Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients.php. | |||||
CVE-2022-35655 | 1 Pega | 1 Pega Platform | 2022-08-23 | N/A | 6.1 MEDIUM |
Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting. | |||||
CVE-2022-2885 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2022-08-23 | N/A | 4.8 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | |||||
CVE-2022-0542 | 1 Chatwoot | 1 Chatwoot | 2022-08-23 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0. | |||||
CVE-2022-37254 | 1 Dolphinphp Project | 1 Dolphinphp | 2022-08-22 | N/A | 5.4 MEDIUM |
DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background - > System - > system function - > configuration management. | |||||
CVE-2022-35213 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2022-08-22 | N/A | 6.1 MEDIUM |
Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site scripting (XSS) vulnerability via the function base_url() at /blog/blogpublish.php. | |||||
CVE-2022-35554 | 1 Bpcbt | 1 Smartvista | 2022-08-22 | N/A | 6.1 MEDIUM |
Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side. | |||||
CVE-2021-32862 | 1 Jupyter | 1 Nbconvert | 2022-08-19 | N/A | 5.4 MEDIUM |
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (eg: nbviewer). | |||||
CVE-2020-10391 | 1 Chadhaajay | 1 Phpkb | 2022-08-19 | 3.5 LOW | 4.8 MEDIUM |
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-article.php by adding a question mark (?) followed by the payload. | |||||
CVE-2020-10388 | 1 Chadhaajay | 1 Phpkb | 2022-08-19 | 3.5 LOW | 5.4 MEDIUM |
The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php (vulnerable file admin/include/functions-articles.php). | |||||
CVE-2020-10426 | 1 Chadhaajay | 1 Phpkb | 2022-08-19 | 3.5 LOW | 4.8 MEDIUM |
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-groups.php by adding a question mark (?) followed by the payload. | |||||
CVE-2020-10423 | 1 Chadhaajay | 1 Phpkb | 2022-08-19 | 3.5 LOW | 4.8 MEDIUM |
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-feedbacks.php by adding a question mark (?) followed by the payload. |