Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2391 | 1 Wpzoom | 1 Inspiro Pro | 2022-08-12 | N/A | 5.4 MEDIUM |
| The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description. | |||||
| CVE-2022-2733 | 1 Open-emr | 1 Openemr | 2022-08-12 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. | |||||
| CVE-2022-2395 | 1 Weformspro | 1 Weforms | 2022-08-11 | N/A | 4.8 MEDIUM |
| The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-2398 | 1 Najeebmedia | 1 Wordpress Comments Fields | 2022-08-11 | N/A | 4.8 MEDIUM |
| The WordPress Comments Fields WordPress plugin before 4.1 does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2022-2409 | 1 Rough Chart Project | 1 Rough Chart | 2022-08-11 | N/A | 4.8 MEDIUM |
| The Rough Chart WordPress plugin through 1.0.0 does not properly escape chart data label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-2410 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2022-08-11 | N/A | 4.8 MEDIUM |
| The mTouch Quiz WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-2411 | 1 Auto More Tag Project | 1 Auto More Tag | 2022-08-11 | N/A | 4.8 MEDIUM |
| The Auto More Tag WordPress plugin through 4.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-31663 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2022-08-11 | N/A | 6.1 MEDIUM |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window. | |||||
| CVE-2022-2500 | 1 Gitlab | 1 Gitlab | 2022-08-11 | N/A | 5.4 MEDIUM |
| A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side. | |||||
| CVE-2022-2686 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2022-08-11 | N/A | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in oretnom23 Fast Food Ordering System. This affects an unknown part of the component Menu List Page. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205725 was assigned to this vulnerability. | |||||
| CVE-2022-2690 | 1 Wedding Hall Booking System Project | 1 Wedding Hall Booking System | 2022-08-11 | N/A | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in SourceCodester Wedding Hall Booking System. Affected by this vulnerability is an unknown functionality of the file /whbs/?page=my_bookings of the component Booking Form. The manipulation of the argument Remarks leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205813 was assigned to this vulnerability. | |||||
| CVE-2022-2691 | 1 Wedding Hall Booking System Project | 1 Wedding Hall Booking System | 2022-08-11 | N/A | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Wedding Hall Booking System. Affected by this issue is some unknown functionality of the file /whbs/?page=manage_account of the component Profile Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205814 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-2689 | 1 Wedding Hall Booking System Project | 1 Wedding Hall Booking System | 2022-08-11 | N/A | 5.4 MEDIUM |
| A vulnerability classified as problematic has been found in SourceCodester Wedding Hall Booking System. Affected is an unknown function of the file /whbs/?page=contact_us of the component Contact Page. The manipulation of the argument Message leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205812. | |||||
| CVE-2022-35144 | 1 Raneto Project | 1 Raneto | 2022-08-11 | N/A | 4.8 MEDIUM |
| Renato v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2022-2692 | 1 Wedding Hall Booking System Project | 1 Wedding Hall Booking System | 2022-08-11 | N/A | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Hall Booking System. This affects an unknown part of the file /whbs/admin/?page=user of the component Staff User Profile. The manipulation of the argument First Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205815. | |||||
| CVE-2022-2701 | 1 Simple E-learning System Project | 1 Simple E-learning System | 2022-08-11 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in SourceCodester Simple E-Learning System. This vulnerability affects unknown code of the file /claire_blake. The manipulation of the argument Bio leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205822 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-2681 | 1 Online Student Admission System Project | 1 Online Student Admission System | 2022-08-10 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in SourceCodester Online Student Admission System. Affected by this vulnerability is an unknown functionality of the file edit-profile.php of the component Student User Page. The manipulation with the input <script>alert(/xss/)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205669 was assigned to this vulnerability. | |||||
| CVE-2022-27166 | 1 Apache | 1 Jspwiki | 2022-08-10 | N/A | 6.1 MEDIUM |
| A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | |||||
| CVE-2022-28732 | 1 Apache | 1 Jspwiki | 2022-08-10 | N/A | 6.1 MEDIUM |
| A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later. | |||||
| CVE-2022-28730 | 1 Apache | 1 Jspwiki | 2022-08-10 | N/A | 6.1 MEDIUM |
| A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce plugin dangerously renders user-supplied URLs. Upon re-testing CVE-2021-40369, it appears that the patch was incomplete as it was still possible to insert malicious input via the Denounce plugin. Apache JSPWiki users should upgrade to 2.11.3 or later. | |||||