Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-20100 | 1 Air Transfer Project | 1 Air Transfer | 2022-07-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in Air Transfer 1.0.14/1.2.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-2218 | 1 Parse-url Project | 1 Parse-url | 2022-07-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0. | |||||
| CVE-2022-33009 | 1 Lightcms Project | 1 Lightcms | 2022-07-06 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file. | |||||
| CVE-2022-34133 | 1 Jorani Project | 1 Jorani | 2022-07-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php. | |||||
| CVE-2022-22502 | 1 Ibm | 3 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak | 2022-07-06 | 3.5 LOW | 5.4 MEDIUM |
| IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227124. | |||||
| CVE-2022-1776 | 1 Icegram | 1 Popups\, Welcome Bar\, Optins And Lead Generation Plugin | 2022-07-06 | 3.5 LOW | 5.4 MEDIUM |
| The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.1.8 does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2022-2217 | 1 Parse-url Project | 1 Parse-url | 2022-07-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0. | |||||
| CVE-2022-1904 | 1 Fatcatapps | 1 Easy Pricing Tables | 2022-07-06 | 2.6 LOW | 6.1 MEDIUM |
| The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-2041 | 1 Brizy | 1 Brizy-page Builder | 2022-07-06 | 3.5 LOW | 5.4 MEDIUM |
| The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2022-2040 | 1 Brizy | 1 Brizy-page Builder | 2022-07-06 | 3.5 LOW | 5.4 MEDIUM |
| The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2022-1916 | 1 Pluginus | 1 Active Products Tables For Woocommerce | 2022-07-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected cross-Site Scripting | |||||
| CVE-2022-33910 | 1 Mantisbt | 1 Mantisbt | 2022-07-06 | 3.5 LOW | 5.4 MEDIUM |
| An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScript code to execute. | |||||
| CVE-2022-29096 | 1 Dell | 1 Wyse Management Suite | 2022-07-06 | 3.5 LOW | 5.4 MEDIUM |
| Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||
| CVE-2022-1971 | 1 Wpgetready | 1 Nextcellent Gallery | 2022-07-06 | 3.5 LOW | 4.8 MEDIUM |
| The NextCellent Gallery WordPress plugin through 1.9.35 does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-1964 | 1 Easy Svg Support Project | 1 Easy Svg Support | 2022-07-06 | 3.5 LOW | 5.4 MEDIUM |
| The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads | |||||
| CVE-2022-1995 | 1 Miniorange | 1 Malware Scanner | 2022-07-06 | 3.5 LOW | 4.8 MEDIUM |
| The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup) | |||||
| CVE-2022-1990 | 1 Nested Pages Project | 1 Nested Pages | 2022-07-06 | 3.5 LOW | 4.8 MEDIUM |
| The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed | |||||
| CVE-2022-1994 | 1 Miniorange | 1 Login With Otp Over Sms\, Email\, Whatsapp And Google Authenticator | 2022-07-06 | 3.5 LOW | 4.8 MEDIUM |
| The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | |||||
| CVE-2022-27238 | 1 Bigbluebutton | 1 Bigbluebutton | 2022-07-05 | 3.5 LOW | 5.4 MEDIUM |
| BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross-Site Scripting (XSS) in the private chat functionality. A threat actor could inject JavaScript payload in his/her username. The payload gets executed in the browser of the victim each time the attacker sends a private message to the victim or when notification about the attacker leaving room is displayed. | |||||
| CVE-2022-30120 | 1 Concretecms | 1 Concrete Cms | 2022-07-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) for reporting | |||||