Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1597 | 1 2code | 1 Wpqa Builder | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer , does not sanitise and escape a parameter on its reset password form which makes it possible to perform Reflected Cross-Site Scripting attacks | |||||
| CVE-2022-1241 | 1 2code | 1 Ask Me | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues | |||||
| CVE-2022-31494 | 1 Librehealth | 1 Librehealth Ehr | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS. | |||||
| CVE-2020-6220 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2022-06-14 | 2.6 LOW | 4.7 MEDIUM |
| BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active. | |||||
| CVE-2022-31493 | 1 Librehealth | 1 Librehealth Ehr | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. | |||||
| CVE-2022-1991 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2022-06-14 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability classified as problematic has been found in Fast Food Ordering System 1.0. Affected is the file Master.php of the Master List. The manipulation of the argument Description with the input foo "><img src="" onerror="alert(document.cookie)"> leads to cross site scripting. It is possible to launch the attack remotely but it requires authentication. Exploit details have been disclosed to the public. | |||||
| CVE-2022-28479 | 1 Seeddms | 1 Seeddms | 2022-06-14 | 3.5 LOW | 4.8 MEDIUM |
| SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menu | |||||
| CVE-2022-31492 | 1 Librehealth | 1 Librehealth Ehr | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username. | |||||
| CVE-2021-43558 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk. | |||||
| CVE-2022-31495 | 1 Librehealth | 1 Librehealth Ehr | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS. | |||||
| CVE-2022-30861 | 1 Fudforum | 1 Fudforum | 2022-06-14 | 3.5 LOW | 4.8 MEDIUM |
| FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature. | |||||
| CVE-2021-42245 | 1 Flatcore | 1 Flatcore-cms | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections. | |||||
| CVE-2022-28051 | 1 Seeddms | 1 Seeddms | 2022-06-13 | 3.5 LOW | 5.4 MEDIUM |
| The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code. | |||||
| CVE-2022-31498 | 1 Librehealth | 1 Librehealth Ehr | 2022-06-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS. | |||||
| CVE-2018-1999005 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2022-06-13 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. | |||||
| CVE-2018-1999007 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2022-06-13 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in another user's browser when that other user views HTTP 404 error pages while Stapler debug mode is enabled. | |||||
| CVE-2022-30863 | 1 Fudforum | 1 Fudforum | 2022-06-13 | 3.5 LOW | 4.8 MEDIUM |
| FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel. | |||||
| CVE-2019-1003050 | 3 Jenkins, Oracle, Redhat | 3 Jenkins, Communications Cloud Native Core Automated Test Suite, Openshift Container Platform | 2022-06-13 | 3.5 LOW | 5.4 MEDIUM |
| The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names. | |||||
| CVE-2019-10383 | 3 Jenkins, Oracle, Redhat | 3 Jenkins, Communications Cloud Native Core Automated Test Suite, Openshift Container Platform | 2022-06-13 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages. | |||||
| CVE-2022-1940 | 1 Gitlab | 1 Gitlab | 2022-06-13 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues | |||||