Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22777 | 1 Tibco | 1 Businessconnect Trading Community Management | 2022-05-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow an unauthenticated attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below. | |||||
| CVE-2022-22776 | 1 Tibco | 1 Businessconnect Trading Community Management | 2022-05-31 | 3.5 LOW | 5.4 MEDIUM |
| The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains easily exploitable vulnerabilities that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using these vulnerabilities requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below. | |||||
| CVE-2022-30837 | 1 Toll Tax Management System Project | 1 Toll Tax Management System | 2022-05-29 | 3.5 LOW | 5.4 MEDIUM |
| Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting (XSS) via /ttms/classes/Master.php?f=save_recipient, vehicle_name. | |||||
| CVE-2022-30015 | 1 Simple Food Website Project | 1 Simple Food Website | 2022-05-29 | 3.5 LOW | 5.4 MEDIUM |
| In Simple Food Website 1.0, a moderation can put the Cross Site Scripting Payload in any of the fields on http://127.0.0.1:1234/food/admin/all_users.php like Full Username, etc .This causes stored xss. | |||||
| CVE-2022-30017 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-05-29 | 3.5 LOW | 5.4 MEDIUM |
| Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing. | |||||
| CVE-2022-29005 | 1 Online Birth Certificate System Project | 1 Online Birth Certificate System | 2022-05-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters. | |||||
| CVE-2022-29004 | 1 E-diary Management System Project | 1 E-diary Management System | 2022-05-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php. | |||||
| CVE-2022-1547 | 1 Wpchill | 1 Check \& Log Email | 2022-05-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-1558 | 1 Curtain Project | 1 Curtain | 2022-05-29 | 3.5 LOW | 4.8 MEDIUM |
| The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed | |||||
| CVE-2022-0346 | 1 Xmlsitemapgenerator | 1 Xml Sitemap Generator | 2022-05-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on. | |||||
| CVE-2022-1320 | 1 10web | 1 Sliderby10web | 2022-05-29 | 3.5 LOW | 4.8 MEDIUM |
| The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2022-30462 | 1 Water Billing System Project | 1 Water Billing System | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
| Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname. | |||||
| CVE-2022-30460 | 1 Simple Social Networking Site Project | 1 Simple Social Networking Site | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
| Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname. | |||||
| CVE-2022-30458 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
| Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name. | |||||
| CVE-2022-30456 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
| Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental. | |||||
| CVE-2022-30839 | 1 Room Rent Portal Site Project | 1 Room Rent Portal Site | 2022-05-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name. | |||||
| CVE-2022-30842 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
| Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname. | |||||
| CVE-2022-1825 | 1 Collectiveaccess | 1 Providence | 2022-05-27 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository collectiveaccess/providence prior to 1.8. | |||||
| CVE-2022-1298 | 1 Wpshopmart | 1 Tabs Responsive | 2022-05-27 | 3.5 LOW | 4.8 MEDIUM |
| The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-1268 | 1 Donate Extra Project | 1 Donate Extra | 2022-05-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site Scripting | |||||