Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30968 | 1 Jenkins | 1 Vboxwrapper | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-23659 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-05-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote reflected cross site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2022-30966 | 1 Jenkins | 1 Random String Parameter | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30970 | 1 Jenkins | 1 Autocomplete Parameter | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2021-33021 | 1 Xarrow | 1 Xarrow | 2022-05-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘edate’ of the resource xhisalarm.htm, which may allow an unauthorized attacker to execute arbitrary code. | |||||
| CVE-2022-30777 | 1 Parallels | 1 H-sphere | 2022-05-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter. | |||||
| CVE-2021-33001 | 1 Xarrow | 1 Xarrow | 2022-05-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code. | |||||
| CVE-2022-30960 | 1 Jenkins | 1 Application Detector | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Application Detector Plugin 1.0.8 and earlier does not escape the name of Chois Application Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30961 | 1 Jenkins | 1 Autocomplete Parameter | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30962 | 1 Jenkins | 1 Global Variable String Parameter | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Global Variable String Parameter Plugin 1.2 and earlier does not escape the name and description of Global Variable String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30963 | 1 Jenkins | 1 Jdk Parameter | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-1062 | 1 Th23 | 1 Th23 Social | 2022-05-25 | 3.5 LOW | 4.8 MEDIUM |
| The th23 Social WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-1726 | 1 Bootstrap-table | 1 Bootstrap Table | 2022-05-24 | 3.5 LOW | 5.4 MEDIUM |
| Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties. | |||||
| CVE-2022-1559 | 1 Clipr | 1 Clipr | 2022-05-24 | 3.5 LOW | 4.8 MEDIUM |
| The Clipr WordPress plugin through 1.2.3 does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-1557 | 1 Uleak-security-dashboard Project | 1 Uleak-security-dashboard | 2022-05-24 | 3.5 LOW | 5.4 MEDIUM |
| The ULeak Security & Monitoring WordPress plugin through 1.2.3 does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow any authenticated users such as subscriber to perform Stored Cross-Site Scripting attacks against admins viewing the settings | |||||
| CVE-2022-1512 | 1 Scrollrevealjs-effects Project | 1 Scrollrevealjs-effects | 2022-05-24 | 3.5 LOW | 4.8 MEDIUM |
| The ScrollReveal.js Effects WordPress plugin through 1.2 does not sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2022-30050 | 1 Sir | 1 Gnuboard | 2022-05-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php. | |||||
| CVE-2022-1216 | 1 Advanced Image Sitemap Project | 1 Advanced Image Sitemap | 2022-05-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Advanced Image Sitemap WordPress plugin through 1.2 does not sanitise and escape the PHP_SELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. | |||||
| CVE-2022-1217 | 1 Custom Tinymce Shortcode Button Project | 1 Custom Tinymce Shortcode Button | 2022-05-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. | |||||
| CVE-2022-1265 | 1 Ait-pro | 1 Bulletproof Security | 2022-05-24 | 3.5 LOW | 4.8 MEDIUM |
| The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||