Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29770 | 1 Xuxueli | 1 Xxl-job | 2022-06-13 | 3.5 LOW | 5.4 MEDIUM |
| XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. | |||||
| CVE-2022-32271 | 1 Realnetworks | 1 Realplayer | 2022-06-13 | 6.8 MEDIUM | 9.6 CRITICAL |
| In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files. | |||||
| CVE-2022-26866 | 1 Dell | 1 Powerstoreos | 2022-06-13 | 3.5 LOW | 5.5 MEDIUM |
| Dell PowerStore Versions before v2.1.1.0. contains a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||
| CVE-2022-30596 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2022-06-13 | 3.5 LOW | 5.4 MEDIUM |
| A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. | |||||
| CVE-2022-29710 | 1 Limesurvey | 1 Limesurvey | 2022-06-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin. | |||||
| CVE-2022-30429 | 1 Neos | 1 Neos Cms | 2022-06-13 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also be present in all intermediate versions. | |||||
| CVE-2022-1988 | 1 Facturascripts | 1 Facturascripts | 2022-06-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09. | |||||
| CVE-2022-1980 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-10 | N/A | N/A |
| A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been rated as problematic. This issue affects the file /admin/?page=system_info/contact_info. The manipulation of the textbox Telephone with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely but requires authentication. Exploit details have been disclosed to the public. | |||||
| CVE-2020-36527 | 1 Aptis-solutions | 1 Server Status | 2022-06-10 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Server Status. This issue affects some unknown processing of the component HTTP Status/SMTP Status. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2020-36526 | 1 Akeles | 1 Countdown Timer | 2022-06-10 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in Countdown Timer. This vulnerability affects unknown code of the component Macro Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2020-36523 | 1 Avono | 1 Plantuml | 2022-06-10 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability was found in PlantUML 6.43. It has been declared as problematic. Affected by this vulnerability is the component Database Information Macro. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2020-36524 | 1 Refined | 1 Refined Toolkit | 2022-06-10 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability was found in Refined Toolkit. It has been rated as problematic. Affected by this issue is some unknown functionality of the component UI-Image/UI-Button. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2020-36525 | 1 Servicerocket | 1 Linking | 2022-06-10 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability classified as problematic has been found in Linking. This affects an unknown part of the component New Windows Macro. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-26497 | 1 Bigbluebutton | 1 Greenlight | 2022-06-10 | 3.5 LOW | 5.4 MEDIUM |
| BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dialog if the victim has shared access to the particular room with the attacker previously. | |||||
| CVE-2021-38221 | 1 Bbs-go Project | 1 Bbs-go | 2022-06-10 | 3.5 LOW | 5.4 MEDIUM |
| bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS. | |||||
| CVE-2022-30514 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2022-06-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126. | |||||
| CVE-2022-30513 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2022-06-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125 | |||||
| CVE-2022-30482 | 1 Ecommerce-project-with-php-and-mysqli-fruits-bazar Project | 1 Ecommerce-project-with-php-and-mysqli-fruits-bazar | 2022-06-10 | 3.5 LOW | 4.8 MEDIUM |
| Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \admin\add_cata.php via the ctg_name parameters. | |||||
| CVE-2022-30999 | 1 Friendsofflarum | 1 Upload | 2022-06-10 | 3.5 LOW | 5.4 MEDIUM |
| FriendsofFlarum (FoF) Upload is an extension that handles file uploads intelligently for your forum. If FoF Upload prior to version 1.2.3 is configured to allow the uploading of SVG files ('image/svg+xml'), navigating directly to an SVG file URI could execute arbitrary Javascript code decided by an attacker. This Javascript code could include the execution of HTTP web requests to Flarum, or any other web service. This could allow data to be leaked by an authenticated Flarum user, or, possibly, for data to be modified maliciously. This issue has been patched with v1.2.3, which now sanitizes uploaded SVG files. As a workaround, remove the ability for users to upload SVG files through FoF Upload. | |||||
| CVE-2022-29732 | 1 Deltacontrols | 2 Entelitouch, Entelitouch Firmware | 2022-06-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||