Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2769 | 1 Company Website Cms Project | 1 Company Website Cms | 2022-08-15 | N/A | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Company Website CMS. This issue affects some unknown processing of the file /dashboard/contact. The manipulation of the argument phone leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206165 was assigned to this vulnerability. | |||||
| CVE-2022-35697 | 1 Adobe | 1 Web Content Management Core Components | 2022-08-15 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager Core Components version 2.20.6 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires a low author privilege access. | |||||
| CVE-2022-33929 | 1 Dell | 1 Wyse Management Suite | 2022-08-12 | N/A | 6.1 MEDIUM |
| Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in EndUserSummary page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||
| CVE-2022-35509 | 1 Eyoucms | 1 Eyoucms | 2022-08-12 | N/A | 5.4 MEDIUM |
| An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information. | |||||
| CVE-2020-25955 | 1 Student Management System Project In Php Project | 1 Student Management System Project In Php | 2022-08-12 | 3.5 LOW | 5.4 MEDIUM |
| SourceCodester Student Management System Project in PHP version 1.0 is vulnerable to stored a cross-site scripting (XSS) via the 'add subject' tab. | |||||
| CVE-2022-20869 | 1 Cisco | 1 Broadworks | 2022-08-12 | N/A | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. | |||||
| CVE-2022-20820 | 1 Cisco | 1 Webex Meetings | 2022-08-12 | N/A | 5.4 MEDIUM |
| Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-36801 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2022-08-12 | N/A | 6.1 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8. | |||||
| CVE-2022-35493 | 1 Wrteam | 1 Eshop - Ecommerce \/ Store Website | 2022-08-12 | N/A | 6.1 MEDIUM |
| A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the get_products?search parameter. | |||||
| CVE-2022-2725 | 1 Company Website Cms Project | 1 Company Website Cms | 2022-08-12 | N/A | 6.1 MEDIUM |
| A vulnerability was found in SourceCodester Company Website CMS. It has been rated as problematic. Affected by this issue is some unknown functionality of the file add-blog.php. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-205838 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-2412 | 1 Better Tag Cloud Project | 1 Better Tag Cloud | 2022-08-12 | N/A | 4.8 MEDIUM |
| The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-2426 | 1 Thinkific | 1 Thinkific Uploader | 2022-08-12 | N/A | 4.8 MEDIUM |
| The Thinkific Uploader WordPress plugin through 1.0.0 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against other administrators. | |||||
| CVE-2022-2423 | 1 Designwall | 1 Dw Promobar | 2022-08-12 | N/A | 4.8 MEDIUM |
| The DW Promobar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-2371 | 1 Yaycommerce | 1 Yaysmtp | 2022-08-12 | N/A | 5.4 MEDIUM |
| The YaySMTP WordPress plugin before 2.2.1 does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber to change them, and use that to conduct Stored Cross-Site Scripting attack due to the lack of escaping in them as well. | |||||
| CVE-2022-2424 | 1 Google Maps Anywhere Project | 1 Google Maps Anywhere | 2022-08-12 | N/A | 4.8 MEDIUM |
| The Google Maps Anywhere WordPress plugin through 1.2.6.3 does not sanitise and escape any of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-2425 | 1 Wp Ds Blog Map Project | 1 Wp Ds Blog Map | 2022-08-12 | N/A | 4.8 MEDIUM |
| The WP DS Blog Map WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-2372 | 1 Yaycommerce | 1 Yaysmtp | 2022-08-12 | N/A | 4.8 MEDIUM |
| The YaySMTP WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-2729 | 1 Open-emr | 1 Openemr | 2022-08-12 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1. | |||||
| CVE-2022-2386 | 1 Automattic | 1 Crowdsignal Dashboard | 2022-08-12 | N/A | 6.1 MEDIUM |
| The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-2731 | 1 Open-emr | 1 Openemr | 2022-08-12 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. | |||||