Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-33943 | 1 Bxslider Wp Project | 1 Bxslider Wp | 2022-08-02 | N/A | 5.4 MEDIUM |
Authenticated (contributor or higher user role) Cross-Site Scripting (XSS) vulnerability in Nico Amarilla's BxSlider WP plugin <= 2.0.0 at WordPress. | |||||
CVE-2022-29890 | 1 Octopus | 1 Octopus Server | 2022-08-02 | N/A | 6.1 MEDIUM |
In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. | |||||
CVE-2022-27105 | 1 Digitus | 1 Inmailx | 2022-08-02 | N/A | 5.4 MEDIUM |
InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX Connection names are not sanitized in the Outlook tab, which allows a local user or network administrator to execute HTML / Javascript in the Outlook of users. | |||||
CVE-2022-34594 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-08-02 | N/A | 4.8 MEDIUM |
Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component ip/school/moudel/update_subject.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Subject text field. | |||||
CVE-2022-36880 | 1 Webmin | 2 Usermin, Webmin | 2022-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message. | |||||
CVE-2022-34611 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2022-08-02 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in /index.php/?p=report of Online Fire Reporting System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "Contac #" text field. | |||||
CVE-2022-2032 | 1 Pandorafms | 1 Pandora Fms | 2022-08-02 | N/A | 4.8 MEDIUM |
In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system. | |||||
CVE-2022-2059 | 1 Pandorafms | 1 Pandora Fms | 2022-08-02 | N/A | 4.8 MEDIUM |
In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system. | |||||
CVE-2022-34962 | 1 Openteknik | 1 Open Source Social Network | 2022-08-02 | N/A | 5.4 MEDIUM |
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module. | |||||
CVE-2022-22999 | 1 Westerndigital | 16 My Cloud Dl2100, My Cloud Dl2100 Firmware, My Cloud Dl4100 and 13 more | 2022-08-01 | N/A | 4.8 MEDIUM |
Western Digital My Cloud devices are vulnerable to a cross-site scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser. As a result, it may be possible to gain control over the authenticated session, steal data, modify settings, or redirect the user to malicious websites. The scope of impact can extend to other components. | |||||
CVE-2020-36290 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2022-08-01 | N/A | 5.4 MEDIUM |
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality. | |||||
CVE-2020-28459 | 1 Markdown-it-decorate Project | 1 Markdown-it-decorate | 2022-08-01 | N/A | 6.1 MEDIUM |
This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link. | |||||
CVE-2020-28455 | 1 Markdown-it-toc Project | 1 Markdown-it-toc | 2022-08-01 | N/A | 6.1 MEDIUM |
This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped. | |||||
CVE-2021-25955 | 1 Dolibarr | 1 Dolibarr | 2022-08-01 | 3.5 LOW | 9.0 CRITICAL |
In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoint. These scripts are executed in a victim’s browser when they open the page containing the vulnerable field. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full Account takeover of the admin and due to other vulnerability (Improper Access Control on Private notes) a low privileged user can update the private notes which could lead to privilege escalation. | |||||
CVE-2022-35131 | 1 Joplinapp | 1 Joplin | 2022-08-01 | N/A | 9.0 CRITICAL |
Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles. | |||||
CVE-2021-24801 | 1 Wp Survey Plus Project | 1 Wp Survey Plus | 2022-07-30 | 4.3 MEDIUM | 4.3 MEDIUM |
The WP Survey Plus WordPress plugin through 1.0 does not have any authorisation and CSRF checks in place in its AJAX actions, allowing any user to call them and add/edit/delete Surveys. Furthermore, due to the lack of sanitization in the Surveys' Title, this could also lead to Stored Cross-Site Scripting issues. | |||||
CVE-2020-11456 | 1 Limesurvey | 1 Limesurvey | 2022-07-29 | 3.5 LOW | 5.4 MEDIUM |
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups). | |||||
CVE-2021-38265 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2022-07-29 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Asset module in Liferay Portal 7.3.4 through 7.3.6 allows remote attackers to inject arbitrary web script or HTML when creating a collection page via the _com_liferay_asset_list_web_portlet_AssetListPortlet_title parameter. | |||||
CVE-2021-39047 | 1 Ibm | 2 Cognos Analytics, Planning Analytics | 2022-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349. | |||||
CVE-2022-34964 | 1 Openteknik | 1 Open Source Social Network | 2022-07-29 | N/A | 4.8 MEDIUM |
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the SitePages module. |