Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2589 | 1 Fava Project | 1 Fava | 2022-08-04 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3. | |||||
CVE-2022-1906 | 1 Digiprove | 1 Copyright Proof | 2022-08-04 | N/A | 6.1 MEDIUM |
The Copyright Proof WordPress plugin through 4.16 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled. | |||||
CVE-2022-1324 | 1 Rich-web | 1 Event Timeline | 2022-08-04 | N/A | 4.8 MEDIUM |
The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
CVE-2022-31774 | 1 Ibm | 1 Datapower Gateway | 2022-08-04 | N/A | 5.4 MEDIUM |
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228358. | |||||
CVE-2022-34580 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-08-04 | N/A | 4.8 MEDIUM |
Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the address parameter at ip/school/index.php. | |||||
CVE-2016-2139 | 1 Kippo-graph Project | 1 Kippo-graph | 2022-08-04 | N/A | 6.4 MEDIUM |
In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $file_link in class/KippoInput.class.php. | |||||
CVE-2016-2138 | 1 Kippo-graph Project | 1 Kippo-graph | 2022-08-04 | N/A | 6.4 MEDIUM |
In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean() in class/KippoInput.class.php. | |||||
CVE-2022-29360 | 1 Rainloop | 1 Webmail | 2022-08-04 | N/A | 5.4 MEDIUM |
The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted email message. | |||||
CVE-2022-1948 | 1 Gitlab | 1 Gitlab | 2022-08-04 | N/A | 5.4 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details. | |||||
CVE-2022-36922 | 1 Jenkins | 1 Lucene-search | 2022-08-04 | N/A | 6.1 MEDIUM |
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS) vulnerability. | |||||
CVE-2022-36378 | 1 Floating Div Project | 1 Floating Div | 2022-08-04 | N/A | 4.8 MEDIUM |
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin <= 3.0 at WordPress. | |||||
CVE-2022-35632 | 1 Rapid7 | 1 Velociraptor | 2022-08-04 | N/A | 4.8 MEDIUM |
The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-site scripting (XSS). This issue was resolved in Velociraptor 0.6.5-2. | |||||
CVE-2021-42535 | 1 Visam | 1 Vbase Web-remote | 2022-08-04 | N/A | 6.1 MEDIUM |
VISAM VBASE version 11.6.0.6 does not neutralize or incorrectly neutralizes user-controllable input before the data is placed in output used as a public-facing webpage. | |||||
CVE-2022-35630 | 1 Rapid7 | 1 Velociraptor | 2022-08-04 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2. | |||||
CVE-2022-36948 | 1 Veritas | 1 Netbackup | 2022-08-03 | N/A | 5.4 MEDIUM |
In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||||
CVE-2022-36902 | 1 Jenkins | 1 Dynamic Extended Choice Parameter | 2022-08-03 | N/A | 5.4 MEDIUM |
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-36905 | 1 Jenkins | 1 Maven Metadata | 2022-08-03 | N/A | 5.4 MEDIUM |
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-23101 | 1 Open-xchange | 1 Ox App Suite | 2022-08-03 | N/A | 6.1 MEDIUM |
OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message. | |||||
CVE-2022-23099 | 1 Open-xchange | 1 App Suite | 2022-08-03 | N/A | 5.4 MEDIUM |
OX App Suite through 7.10.6 allows XSS by forcing block-wise read. | |||||
CVE-2021-33371 | 1 Student Management System Project | 1 Student Management System | 2022-08-02 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box. |