Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2523 | 1 Fava Project | 1 Fava | 2022-07-27 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2. | |||||
| CVE-2022-2514 | 1 Fava Project | 1 Fava | 2022-07-27 | N/A | 6.1 MEDIUM |
| The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim. | |||||
| CVE-2019-19085 | 1 Octopus | 1 Server | 2022-07-27 | 3.5 LOW | 5.4 MEDIUM |
| A persistent cross-site scripting (XSS) vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attackers to inject arbitrary web script or HTML. | |||||
| CVE-2022-35569 | 1 Blogifier | 1 Blogifier | 2022-07-27 | N/A | 4.8 MEDIUM |
| Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted file. | |||||
| CVE-2022-24692 | 1 Dsk | 1 Dsknet | 2022-07-27 | N/A | 5.4 MEDIUM |
| An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The new menu option within the general Parameters page is vulnerable to stored XSS. The attacker can create a menu option, make it visible to every application user, and conduct session hijacking, account takeover, or malicious code delivery, with the final goal of achieving client-side code execution. | |||||
| CVE-2018-20239 | 1 Atlassian | 8 Application Links, Confluence Data Center, Confluence Server and 5 more | 2022-07-27 | 3.5 LOW | 5.4 MEDIUM |
| Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. The product is used as a plugin in various Atlassian products where the following are affected: Confluence before version 6.15.2, Crucible before version 4.7.0, Crowd before version 3.4.3, Fisheye before version 4.7.0, Jira before version 7.13.3 and 8.x before 8.1.0. | |||||
| CVE-2020-14175 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2022-07-27 | 3.5 LOW | 5.4 MEDIUM |
| Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2. | |||||
| CVE-2020-29444 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2022-07-27 | 3.5 LOW | 5.4 MEDIUM |
| Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters. | |||||
| CVE-2022-29057 | 1 Fortinet | 1 Fortiedr | 2022-07-27 | N/A | 5.4 MEDIUM |
| A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload into the Management Console via various endpoints. | |||||
| CVE-2022-34537 | 1 Dw | 2 Megapix, Megapix Firmware | 2022-07-26 | N/A | 5.4 MEDIUM |
| Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a cross-site scripting (XSS) vulnerability via the component bia_oneshot.cgi. | |||||
| CVE-2022-22417 | 1 Ibm | 2 Partner Engagement Manager, Partner Engagement Manager On Cloud\/saas | 2022-07-26 | N/A | 5.4 MEDIUM |
| IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223127. | |||||
| CVE-2021-31858 | 1 Dnnsoftware | 1 Dotnetnuke | 2022-07-26 | N/A | 5.4 MEDIUM |
| DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload. | |||||
| CVE-2022-34650 | 1 Wpwax | 1 Team | 2022-07-26 | N/A | 5.4 MEDIUM |
| Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress. | |||||
| CVE-2022-33191 | 1 Testimonials Project | 1 Testimonials | 2022-07-26 | N/A | 5.4 MEDIUM |
| Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Chinmoy Paul's Testimonials plugin <= 3.0.1 at WordPress. | |||||
| CVE-2022-2495 | 1 Microweber | 1 Microweber | 2022-07-26 | N/A | 4.8 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21. | |||||
| CVE-2022-2470 | 1 Microweber | 1 Microweber | 2022-07-26 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21. | |||||
| CVE-2022-2494 | 1 Open-emr | 1 Openemr | 2022-07-26 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0. | |||||
| CVE-2021-36849 | 1 Social Media Share Buttons Project | 1 Social Media Share Buttons | 2022-07-26 | N/A | 4.8 MEDIUM |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in René Hermenau's Social Media Share Buttons plugin <= 3.8.1 at WordPress. | |||||
| CVE-2022-29923 | 1 Thingsforrestaurants | 1 Quick Restaurant Reservations | 2022-07-26 | N/A | 4.8 MEDIUM |
| Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant Reservations plugin <= 1.4.1 at WordPress. | |||||
| CVE-2022-32065 | 1 Ruoyi | 1 Ruoyi | 2022-07-26 | 3.5 LOW | 5.4 MEDIUM |
| An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file. | |||||