Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2015 | 1 Diagrams | 1 Drawio | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2. | |||||
CVE-2021-44266 | 1 Gunet | 1 Open Eclass Platform | 2022-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter. | |||||
CVE-2022-2029 | 1 Kromit | 1 Titra | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0. | |||||
CVE-2022-2036 | 1 Rosariosis | 1 Rosariosis | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. | |||||
CVE-2022-31398 | 1 Helpdeskz | 1 Helpdeskz | 2022-06-15 | 3.5 LOW | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in /staff/tools/custom-fields of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. | |||||
CVE-2022-2028 | 1 Kromit | 1 Titra | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0. | |||||
CVE-2022-32195 | 1 Edx | 1 Open Edx | 2022-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL. | |||||
CVE-2022-2020 | 1 Prison Management System Project | 1 Prison Management System | 2022-06-15 | 3.5 LOW | 4.8 MEDIUM |
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input `<img src="" onerror="alert(1)">` leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-29296 | 1 Avantune | 1 Genialcloud Proj | 2022-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability in the login portal of Avantune Genialcloud ProJ - 10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
CVE-2021-40610 | 1 Emlog Pro Project | 1 Emlog Pro | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM |
Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management. | |||||
CVE-2022-1673 | 1 Greenwallet | 1 Woocommerce Green Wallet Gateway | 2022-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 does not escape the error_envision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability. | |||||
CVE-2022-1647 | 1 Ncrafts | 1 Formcraft | 2022-06-15 | 3.5 LOW | 4.8 MEDIUM |
The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
CVE-2022-2035 | 1 Ltgplc | 1 Rustici Software Scorm Engine | 2022-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim's browser. | |||||
CVE-2022-2016 | 1 Facturascripts | 1 Facturascripts | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1. | |||||
CVE-2022-1569 | 1 Pieforms | 1 Drag & Drop Builder | 2022-06-15 | 3.5 LOW | 4.8 MEDIUM |
The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed. | |||||
CVE-2022-1541 | 1 Richweb | 1 Video Slider | 2022-06-15 | 3.5 LOW | 4.8 MEDIUM |
The Video Slider WordPress plugin before 1.4.8 does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
CVE-2022-1469 | 1 Fibosearch | 1 Fibosearch | 2022-06-15 | 3.5 LOW | 4.8 MEDIUM |
The FiboSearch WordPress plugin before 1.17.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed. | |||||
CVE-2022-1506 | 1 Wp Born Babies Project | 1 Wp Born Babies | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM |
The WP Born Babies WordPress plugin through 1.0 does not sanitise and escape some of its fields, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. | |||||
CVE-2022-30899 | 1 Partkeepr | 1 Partkeepr | 2022-06-14 | 3.5 LOW | 4.8 MEDIUM |
A Cross Site Scripting vulnerability exists in PartKeepr 1.4.0 via the 'name' field in /api/part_categories. | |||||
CVE-2022-1997 | 1 Rosariosis | 1 Rosariosis | 2022-06-14 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. |