Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23073 | 1 Tandoor | 1 Recipes | 2022-06-28 | 3.5 LOW | 5.4 MEDIUM |
| In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in copy to clipboard functionality. When a victim accesses the food list page, then adds a new Food with a malicious javascript payload in the ‘Name’ parameter and clicks on the clipboard icon, an XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover. | |||||
| CVE-2022-1896 | 1 Underconstruction Project | 1 Underconstruction | 2022-06-28 | 3.5 LOW | 4.8 MEDIUM |
| The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletred_html capability is disallowed. | |||||
| CVE-2022-1889 | 1 Thenewsletterplugin | 1 Newsletter | 2022-06-28 | 3.5 LOW | 4.8 MEDIUM |
| The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed | |||||
| CVE-2022-2130 | 1 Microweber | 1 Microweber | 2022-06-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17. | |||||
| CVE-2022-31875 | 1 Trendnet | 2 Tv-ip110wn, Tv-ip110wn Firmware | 2022-06-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an xss vulnerability via the proname parameter in /admin/scheprofile.cgi | |||||
| CVE-2017-20056 | 1 Intechnosoftware | 1 User Login Log | 2022-06-28 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability was found in weblizar User Login Log Plugin 2.2.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Stored). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-20055 | 1 Bestwebsoft | 1 Contact Form | 2022-06-28 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0.2 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20054 | 1 Xyzscripts | 1 Contact Form Manager | 2022-06-28 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-32442 | 1 Yuba | 1 U5cms | 2022-06-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). When a user accesses the default home page if the parameter passed in is http://127.0.0.1/? "Onmouseover=%27tzgl (96502)%27bad=", it can cause html injection. | |||||
| CVE-2017-20060 | 1 Elefantcms | 1 Elefant Cms | 2022-06-28 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting (Persistent). It is possible to initiate the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20061 | 1 Elefantcms | 1 Elefant Cms | 2022-06-28 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability has been found in Elefant CMS 1.3.12-RC and classified as problematic. This vulnerability affects unknown code of the file /admin/extended. The manipulation of the argument name with the input %3Cimg%20src=no%20onerror=alert(1)%3E leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20059 | 1 Elefantcms | 1 Elefant Cms | 2022-06-28 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Elefant CMS 1.3.12-RC. Affected by this issue is some unknown functionality of the component Title Handler. The manipulation with the input </title><img src=no onerror=alert(1)> leads to basic cross site scripting (Persistent). The attack may be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20058 | 1 Elefantcms | 1 Elefantcms | 2022-06-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting (Persistent). The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20057 | 1 Elefantcms | 1 Elefant Cms | 2022-06-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in Elefant CMS 1.3.12-RC. Affected is an unknown function. The manipulation of the argument username leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2022-31873 | 1 Trendnet | 2 Tv-ip110wn, Tv-ip110wn Firmware | 2022-06-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix parameter in /admin/general.cgi. | |||||
| CVE-2021-45026 | 1 Rocketsoftware | 1 Ags-zena | 2022-06-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2022-30326 | 1 Trendnet | 2 Tew-831dr, Tew-831dr Firmware | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS payload to crash the basic.config page of the web interface. | |||||
| CVE-2022-31299 | 1 Angtech | 1 Haraj | 2022-06-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Haraj v3.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the User Upgrade Form. | |||||
| CVE-2022-31734 | 1 Cisco | 4 Ws-c2940-8tf-s, Ws-c2940-8tf-s Firmware, Ws-c2940-8tt-s and 1 more | 2022-06-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** Unsupported When Assigned ** Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the web browser of the user who is using the product. The affected firmware is prior to 12.2(50)SY released in 2011, and Cisco Catalyst 2940 Series Switches have been retired since January 2015. | |||||
| CVE-2022-25772 | 1 Acquia | 1 Mautic | 2022-06-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript | |||||