Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2384 | 1 Supsystic | 1 Digital Publications By Supsystic | 2022-08-16 | N/A | 4.8 MEDIUM |
The Digital Publications by Supsystic WordPress plugin before 1.7.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
CVE-2022-2378 | 1 Easy Student Results Project | 1 Easy Student Results | 2022-08-16 | N/A | 6.1 MEDIUM |
The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting vulnerability. | |||||
CVE-2022-2814 | 1 Simple And Nice Shopping Cart Script Project | 1 Simple And Nice Shopping Cart Script | 2022-08-16 | N/A | 6.1 MEDIUM |
A vulnerability has been found in SourceCodester Simple and Nice Shopping Cart Script and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /mkshope/login.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206401 was assigned to this vulnerability. | |||||
CVE-2022-38186 | 1 Esri | 1 Portal For Arcgis | 2022-08-16 | N/A | 6.1 MEDIUM |
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker who is able to convince a user to click on a crafted link to potentially execute arbitrary JavaScript code in the victim’s browser. | |||||
CVE-2022-38188 | 1 Esri | 1 Portal For Arcgis | 2022-08-16 | N/A | 6.1 MEDIUM |
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker who is able to convince a user to click on a crafted link to potentially execute arbitrary JavaScript code in the victim’s browser. | |||||
CVE-2022-38190 | 1 Esri | 1 Portal For Arcgis | 2022-08-16 | N/A | 6.1 MEDIUM |
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which, when accessed, could potentially execute arbitrary JavaScript code in the user’s browser. | |||||
CVE-2022-2811 | 1 Guest Management System Project | 1 Guest Management System | 2022-08-16 | N/A | 6.1 MEDIUM |
A vulnerability classified as problematic has been found in SourceCodester Guest Management System. This affects an unknown part of the file myform.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206397 was assigned to this vulnerability. | |||||
CVE-2022-37044 | 1 Zimbra | 1 Collaboration | 2022-08-16 | N/A | 6.1 MEDIUM |
In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine. | |||||
CVE-2022-33994 | 1 Gutenberg Project | 1 Gutenberg | 2022-08-16 | N/A | 3.0 LOW |
The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators. | |||||
CVE-2022-2768 | 1 Library Management System Project | 1 Library Management System | 2022-08-15 | N/A | 6.1 MEDIUM |
A vulnerability classified as problematic was found in SourceCodester Library Management System. This vulnerability affects unknown code of the file /qr/I/. The manipulation of the argument error leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-206164. | |||||
CVE-2022-35590 | 1 Fork-cms | 1 Fork Cms | 2022-08-15 | N/A | 4.8 MEDIUM |
A cross-site scripting (XSS) issue in ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" parameter. | |||||
CVE-2022-35589 | 1 Fork-cms | 1 Fork Cms | 2022-08-15 | N/A | 4.8 MEDIUM |
A cross-site scripting (XSS) issue in Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" parameter. | |||||
CVE-2022-35585 | 1 Fork-cms | 1 Fork Cms | 2022-08-15 | N/A | 4.8 MEDIUM |
A stored cross-site scripting (XSS) issue in ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" parameter. | |||||
CVE-2022-35587 | 1 Fork-cms | 1 Fork Cms | 2022-08-15 | N/A | 4.8 MEDIUM |
A cross-site scripting (XSS) issue in Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" parameter. | |||||
CVE-2021-42750 | 1 Thingsboard | 1 Thingsboard | 2022-08-15 | N/A | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of a rule node. | |||||
CVE-2021-42751 | 1 Thingsboard | 1 Thingsboard | 2022-08-15 | N/A | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node. | |||||
CVE-2022-2748 | 1 Simple Online Book Store System Project | 1 Simple Online Book Store System | 2022-08-15 | N/A | 6.1 MEDIUM |
A vulnerability was found in SourceCodester Simple Online Book Store System. It has been classified as problematic. Affected is an unknown function of the file /admin/edit.php. The manipulation of the argument eid leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-206016. | |||||
CVE-2022-2767 | 1 Online Admission System Project | 1 Online Admission System | 2022-08-15 | N/A | 6.1 MEDIUM |
A vulnerability classified as problematic has been found in SourceCodester Online Admission System. This affects an unknown part of the file /index.php. The manipulation of the argument student_add leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-206163. | |||||
CVE-2022-2777 | 1 Microweber | 1 Microweber | 2022-08-15 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1. | |||||
CVE-2022-2773 | 1 Apartment Visitors Management System Project | 1 Apartment Visitors Management System | 2022-08-15 | N/A | 6.1 MEDIUM |
A vulnerability was found in SourceCodester Apartment Visitor Management System. It has been classified as problematic. This affects an unknown part of the file profile.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-206169 was assigned to this vulnerability. |