Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2683 | 1 Simple Food Ordering System Project | 1 Simple Food Ordering System | 2022-08-08 | N/A | 5.4 MEDIUM |
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Food Ordering System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password with the input "><ScRiPt>alert(1)</sCrIpT> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205671. | |||||
CVE-2022-2684 | 1 Apartment Visitors Management System Project | 1 Apartment Visitors Management System | 2022-08-08 | N/A | 5.4 MEDIUM |
A vulnerability has been found in SourceCodester Apartment Visitor Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /manage-apartment.php. The manipulation of the argument Apartment Number with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205672. | |||||
CVE-2022-2685 | 1 Interview Management System Project | 1 Interview Management System | 2022-08-08 | N/A | 6.1 MEDIUM |
A vulnerability was found in SourceCodester Interview Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /addQuestion.php. The manipulation of the argument question with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205673 was assigned to this vulnerability. | |||||
CVE-2022-35163 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2022-08-08 | N/A | 4.8 MEDIUM |
Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the U_NAME parameter at /category/controller.php?action=edit. | |||||
CVE-2022-35162 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2022-08-08 | N/A | 4.8 MEDIUM |
Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the CATEGORY parameter at /category/controller.php?action=edit. | |||||
CVE-2022-31192 | 1 Duraspace | 1 Dspace | 2022-08-08 | N/A | 6.1 MEDIUM |
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2022-31191 | 1 Duraspace | 1 Dspace | 2022-08-08 | N/A | 6.1 MEDIUM |
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
CVE-2021-46678 | 1 Pandorafms | 1 Pandora Fms | 2022-08-06 | N/A | 6.1 MEDIUM |
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via the service name field. | |||||
CVE-2021-46679 | 1 Pandorafms | 1 Pandora Fms | 2022-08-06 | N/A | 6.1 MEDIUM |
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via service elements. | |||||
CVE-2021-46677 | 1 Pandorafms | 1 Pandora Fms | 2022-08-06 | N/A | 6.1 MEDIUM |
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via the event filter name field. | |||||
CVE-2021-46680 | 1 Pandorafms | 1 Pandora Fms | 2022-08-06 | N/A | 6.1 MEDIUM |
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via the module form name field. | |||||
CVE-2021-46676 | 1 Pandorafms | 1 Pandora Fms | 2022-08-06 | N/A | 6.1 MEDIUM |
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via the transactional maps name field. | |||||
CVE-2020-1691 | 1 Moodle | 1 Moodle | 2022-08-06 | N/A | 5.4 MEDIUM |
In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting. | |||||
CVE-2022-1961 | 1 Gtm4wp | 1 Google Tag Manager | 2022-08-05 | 3.5 LOW | 4.8 MEDIUM |
The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | |||||
CVE-2020-35416 | 1 Onlineonly | 1 Phpjabbers Appointment Scheduler | 2022-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allowing remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2020-17515 | 1 Apache | 1 Airflow | 2022-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to an XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the fix implemented in Airflow 1.10.13 did not fix the issue completely. | |||||
CVE-2020-27783 | 6 Debian, Fedoraproject, Lxml and 3 more | 8 Debian Linux, Fedora, Lxml and 5 more | 2022-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. | |||||
CVE-2020-29395 | 1 Myeventon | 1 Eventon | 2022-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field. | |||||
CVE-2020-12262 | 1 Intelbras | 6 Tip200, Tip200 Firmware, Tip200lite and 3 more | 2022-08-05 | 3.5 LOW | 5.4 MEDIUM |
Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS. | |||||
CVE-2020-13944 | 1 Apache | 1 Airflow | 2022-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to an XSS exploit. |