Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-30349 | 1 Sscms | 1 Siteserver Cms | 2022-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). | |||||
CVE-2022-29734 | 1 Ict | 2 Protege Gx, Protege Wx | 2022-06-09 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. | |||||
CVE-2022-29711 | 1 Librenms | 1 Librenms | 2022-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php. | |||||
CVE-2022-29598 | 1 Solutions-atlantic | 1 Regulatory Reporting System | 2022-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to a reflected Cross-Site Scripting (XSS) vulnerability via RRSWeb/maint/ShowDocument/ShowDocument.aspx. | |||||
CVE-2022-29628 | 1 Online Market Place Site Project | 1 Online Market Place Site | 2022-06-09 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page parameter. | |||||
CVE-2022-29540 | 1 Resi | 1 Gemini-net | 2022-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints, | |||||
CVE-2022-29648 | 1 Jflyfox | 1 Jfinal Cms | 2022-06-09 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. | |||||
CVE-2022-29653 | 1 Ofcms Project | 1 Ofcms | 2022-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json. | |||||
CVE-2022-26972 | 1 Barco | 1 Control Room Management Suite | 2022-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS. | |||||
CVE-2022-26974 | 1 Barco | 1 Control Room Management Suite | 2022-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS. | |||||
CVE-2022-26976 | 1 Barco | 1 Control Room Management Suite | 2022-06-09 | 3.5 LOW | 5.4 MEDIUM |
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS. | |||||
CVE-2022-26977 | 1 Barco | 1 Control Room Management Suite | 2022-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism leads to stored XSS. | |||||
CVE-2022-26978 | 1 Barco | 1 Control Room Management Suite | 2022-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameter is not correctly sanitized, leading to reflected XSS. | |||||
CVE-2022-24967 | 1 Blackrainbow | 1 Nimbus | 2022-06-09 | 3.5 LOW | 5.4 MEDIUM |
Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS). | |||||
CVE-2021-36866 | 1 Fatcatapps | 1 Easy Pricing Tables | 2022-06-09 | 3.5 LOW | 4.8 MEDIUM |
Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress. | |||||
CVE-2022-29258 | 1 Xwiki | 1 Xwiki | 2022-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with settings for each stream. Starting with versions 6.0-milestone-2 and 5.4.4 and prior to versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3, XWiki Platform Filter UI contains a possible cross-site scripting vector in the `Filter.FilterStreamDescriptorForm` wiki page related to pretty much all the form fields printed in the home page of the application. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest workaround is to edit the wiki page `Filter.FilterStreamDescriptorForm` (with wiki editor) according to the instructions in the GitHub Security Advisory. | |||||
CVE-2022-20802 | 1 Cisco | 1 Enterprise Chat And Email | 2022-06-09 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials. | |||||
CVE-2022-20765 | 1 Cisco | 1 Ucs Director | 2022-06-09 | 3.5 LOW | 4.8 MEDIUM |
A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to affected web applications. A successful exploit could allow the attacker to rewrite web page content, access sensitive information stored in the applications, and alter data by submitting forms. | |||||
CVE-2021-27778 | 1 Hcltech | 1 Traveler | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. | |||||
CVE-2021-27914 | 1 Acquia | 1 Mautic | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript |