Total: 21765 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-13563 | 2 Open-emr, Phpgacl Project | 2 Openemr, Phpgacl | 2022-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template group_id parameter. | |||||
CVE-2018-25045 | 1 Django-rest-framework | 1 Django Rest Framework | 2022-07-28 | N/A | 6.1 MEDIUM |
Django REST framework (aka django-rest-framework) before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping. | |||||
CVE-2022-34550 | 1 Student Information Management System Project | 1 Student Information Management System | 2022-07-28 | N/A | 5.4 MEDIUM |
Sims v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /addNotifyServlet. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notifyInfo parameter. | |||||
CVE-2022-34991 | 1 Techvill | 1 Paymoney | 2022-07-28 | N/A | 5.4 MEDIUM |
Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the first_name and last_name parameters. | |||||
CVE-2022-2510 | 1 Hallowelt | 1 Bluespice | 2022-07-28 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" of Hallo Welt! GmbH BlueSpice allows an attacker to inject arbitrary HTML (XSS) on the page "Special:SearchCenter" using the search term in the URL. | |||||
CVE-2022-35653 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2022-07-28 | N/A | 6.1 MEDIUM |
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website, in order to steal potentially sensitive information, change the appearance of the web page, or perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users. | |||||
CVE-2022-34988 | 1 Inoutscripts | 1 Blockchain Altexchanger | 2022-07-28 | N/A | 5.4 MEDIUM |
Inout Blockchain AltExchanger v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/js. | |||||
CVE-2021-44478 | 1 Siemens | 2 Polarion Alm, Polarion Subversion Webclient | 2022-07-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting vulnerability is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges. | |||||
CVE-2021-44263 | 1 Gurock | 1 Testrail | 2022-07-28 | 3.5 LOW | 5.4 MEDIUM |
Gurock TestRail before 7.2.4 mishandles HTML escaping. | |||||
CVE-2021-42770 | 1 Opnsense | 1 Opnsense | 2022-07-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester. | |||||
CVE-2022-36131 | 1 Midori-global | 1 Better Pdf Exporter | 2022-07-28 | N/A | 6.1 MEDIUM |
The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to stored XSS via a crafted description to the PDF Templates overview page. | |||||
CVE-2021-24565 | 1 Contact Form 7 Captcha Project | 1 Contact Form 7 Captcha | 2022-07-28 | 6.8 MEDIUM | 8.8 HIGH |
The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have any CSRF check in place when saving its settings, allowing an attacker to make a logged-in user with the manage_options capability change them. Furthermore, the settings are not escaped when output in attributes, leading to a Stored Cross-Site Scripting issue. | |||||
CVE-2021-34582 | 1 Phoenixcontact | 4 Fl Mguard 1102, Fl Mguard 1102 Firmware, Fl Mguard 1105 and 1 more | 2022-07-28 | 3.5 LOW | 4.8 MEDIUM |
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file. | |||||
CVE-2021-39609 | 1 Flatcore | 1 Flatcore-cms | 2022-07-27 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability exists in FlatCore-CMS 2.0.7 via the upload image function. | |||||
CVE-2022-34358 | 1 Ibm | 1 I | 2022-07-27 | N/A | 5.4 MEDIUM |
IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230516. | |||||
CVE-2022-27545 | 1 Hcltech | 1 Bigfix Platform | 2022-07-27 | N/A | 5.4 MEDIUM |
Authorized users of BigFix Web Reports may perform HTML injection on the email administrative configuration page. | |||||
CVE-2022-2199 | 1 Micodus | 2 Mv720, Mv720 Firmware | 2022-07-27 | N/A | 6.1 MEDIUM |
The main MiCODUS MV720 GPS tracker web server has a reflected cross-site scripting vulnerability that could allow an attacker to gain control by tricking a user into making a request. | |||||
CVE-2022-34048 | 1 Wavlink | 2 Wn533a8, Wn533a8 Firmware | 2022-07-27 | N/A | 6.1 MEDIUM |
Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter. | |||||
CVE-2022-2511 | 1 Hallowelt | 1 Bluespice | 2022-07-27 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL. | |||||
CVE-2022-21802 | 1 Grapesjs | 1 Grapesjs | 2022-07-27 | N/A | 6.1 MEDIUM |
The package grapesjs before 0.19.5 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization of the class name in Selector Manager. |
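Most entries above share one pattern: a value taken from the URL (the phpGACL group_id parameter, the BlueSpice search term, the Wavlink login_page parameter) is reflected into HTML without escaping, and the Contact Form 7 Captcha and Django REST framework entries point at the two common root causes, output placed inside attributes without attribute-safe escaping and templates rendered with autoescaping disabled. The following Python example is added here to show that pattern concretely; it is constructed for this page and is not code from any of the listed vendors or from NVD. The example host `app.example`, the `render` template, the `q` parameter and both payloads are assumptions.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample URLs (assumed, not taken from any advisory above): one
# carries a script payload, the other an attribute-breakout payload that needs
# no angle brackets at all. Both are reflected into the page by render().
URL_SCRIPT = 'https://app.example/search?q=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E'
URL_ATTR = 'https://app.example/search?q=%22%20autofocus%20onfocus%3D%22alert(1)'


def query_param(url: str, name: str) -> str:
    """Return the first (URL-decoded) value of a query parameter, or '' if absent."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render(term: str, autoescape: bool = True, quote: bool = True) -> str:
    """Reflect the search term into an attribute value and into element text.

    autoescape=False reproduces the bug class in the table (the value is not
    escaped at all, as with a template that has autoescaping turned off).
    quote=False reproduces text-context escaping reused inside an attribute:
    <, > and & are neutralized, but a double quote still closes the attribute
    early, which is the 'not escaped when output in attributes' failure.
    """
    value = html.escape(term, quote=quote) if autoescape else term
    return f'<input name="q" value="{value}"><p>Results for {value}</p>'


def has_script_element(markup: str) -> bool:
    """True if a raw <script> start tag reached the rendered output."""
    return "<script" in markup.lower()


def attribute_breakout(markup: str) -> bool:
    """True if reflected data closed the value="..." attribute early.

    The template itself contributes exactly four double quotes (name="q" and
    value="..."); any further quote came from the reflected term and ends the
    attribute, letting the rest of the payload become new attributes such as
    an onfocus handler.
    """
    return markup.count('"') > 4


if __name__ == "__main__":
    for url in (URL_SCRIPT, URL_ATTR):
        term = query_param(url, "q")
        for label, kwargs in (("no escaping", {"autoescape": False}),
                              ("text escaping only", {"quote": False}),
                              ("attribute-safe escaping", {})):
            out = render(term, **kwargs)
            print(f"{label:24} script={has_script_element(out)!s:5} "
                  f"breakout={attribute_breakout(out)}")
```

The check worth keeping from this is the last one: escaping for text context is not sufficient for attribute context. `html.escape(s, quote=True)` (the default) covers both; a template engine's autoescape setting is what decides whether that call happens at all, so auditing a reflected-XSS report means checking both the escaping function and whether the template that emits the value actually applies it.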