Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21937 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2022-06-24 | 2.1 LOW | 5.4 MEDIUM |
| Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the web interface. | |||||
| CVE-2022-29452 | 1 Atlasgondal | 1 Export All Urls | 2022-06-24 | 3.5 LOW | 4.8 MEDIUM |
| Authenticated (editor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Export All URLs plugin <= 4.1 at WordPress. | |||||
| CVE-2022-32280 | 1 Xakuro | 1 Xo Slider | 2022-06-24 | 3.5 LOW | 5.4 MEDIUM |
| Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Xakuro's XO Slider plugin <= 3.3.2 at WordPress. | |||||
| CVE-2022-28612 | 1 Custom Popup Builder Project | 1 Custom Popup Builder | 2022-06-24 | 3.5 LOW | 5.4 MEDIUM |
| Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 at WordPress. | |||||
| CVE-2022-24004 | 1 Vanderbilt | 1 Redcap | 2022-06-24 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title (aka new_title) field when editing an existing conversation. The payload executes in the browser of any conversation participant with the sidebar shown. | |||||
| CVE-2022-29618 | 1 Sap | 1 Netweaver Development Infrastructure | 2022-06-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | |||||
| CVE-2022-24127 | 1 Vanderbilt | 1 Redcap | 2022-06-24 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title (app_title) field when editing an existing project. The payload is then reflected within the title tag of the page. | |||||
| CVE-2022-29443 | 1 Nicdark | 1 Hotel Booking | 2022-06-24 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin <= 3.0 at WordPress. | |||||
| CVE-2021-41415 | 1 Subscription-manager Project | 1 Subscription-manager | 2022-06-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Subscription-Manager v1.0 /main.js has a cross-site scripting (XSS) vulnerability in the machineDetail parameter. | |||||
| CVE-2022-30903 | 1 Nokia | 2 G-2425g-a, G-2425g-a Firmware | 2022-06-23 | 3.5 LOW | 4.8 MEDIUM |
| Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management. | |||||
| CVE-2022-2087 | 1 Bank Management System Project | 1 Bank Management System | 2022-06-23 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester Bank Management System 1.0. This affects the file /mnotice.php?id=2. The manipulation of the argument notice with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2021-36901 | 1 Asylumdigital | 1 Age Gate | 2022-06-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phil Baker's Age Gate plugin <= 2.17.0 at WordPress. | |||||
| CVE-2022-31059 | 1 Discourse | 1 Discourse Calendar | 2022-06-23 | 2.1 LOW | 5.4 MEDIUM |
| Discourse Calendar is a calendar plugin for Discourse, an open-source messaging app. Prior to version 1.0.1, parsing and rendering of Event names can be susceptible to cross-site scripting (XSS) attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. This issue is patched in version 1.0.1 of the Discourse Calendar plugin. As a workaround, ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks. | |||||
| CVE-2022-27859 | 1 Nicdark | 1 Nd-travel | 2022-06-23 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark d.o.o. Travel Management plugin <= 2.0 at WordPress. | |||||
| CVE-2022-29406 | 1 Dynamicweblab | 1 Wp-team-manager | 2022-06-23 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in DynamicWebLab's WordPress Team Manager plugin <= 1.6.9 at WordPress. | |||||
| CVE-2005-1006 | 1 Sonicwall | 2 Soho, Soho Firmware | 2022-06-23 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. | |||||
| CVE-2021-40910 | 1 Phpcms | 1 Phpcms | 2022-06-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side. | |||||
| CVE-2022-29485 | 1 Ss-proj | 1 Shirasagi | 2022-06-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2022-32286 | 1 Mendix | 1 Saml | 2022-06-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). In certain configurations SAML module is vulnerable to Cross Site Scripting (XSS) attacks due to insufficient error message sanitation. This could allow an attacker to execute malicious code by tricking users into accessing a malicious link. | |||||
| CVE-2022-29438 | 1 Nextcode | 1 Image Slider By Nextcode | 2022-06-23 | 3.5 LOW | 4.8 MEDIUM |
| Authenticated (author or higher user role) Persistent Cross-Site Scripting (XSS) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress. | |||||