Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27308 | 1 Phprojekt Phpsimplygest Project | 1 Phprojekt Phpsimplygest | 2022-05-17 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title. | |||||
| CVE-2022-1047 | 1 Themify | 1 Post Type Builder Search Addon | 2022-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability. | |||||
| CVE-2022-1104 | 1 Code-atlantic | 1 Popup Maker | 2022-05-17 | 3.5 LOW | 4.8 MEDIUM |
| The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2019-8331 | 4 F5, Getbootstrap, Redhat and 1 more | 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more | 2022-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. | |||||
| CVE-2022-0625 | 1 Admin Menu Editor Project | 1 Admin Menu Editor | 2022-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
| CVE-2022-29420 | 1 Edmonsoft | 1 Countdown Builder | 2022-05-16 | 3.5 LOW | 4.8 MEDIUM |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-circle-countdown-before-countdown and &ycd-circle-countdown-after-countdown vulnerable parameters. | |||||
| CVE-2022-29422 | 1 Edmonsoft | 1 Countdown Builder | 2022-05-16 | 3.5 LOW | 4.8 MEDIUM |
| Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom, &ycd-button-margin-left, &ycd-circle-countdown-before-countdown, &ycd-circle-countdown-after-countdown vulnerable parameters. | |||||
| CVE-2022-29421 | 1 Edmonsoft | 1 Countdown Builder | 2022-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter. | |||||
| CVE-2021-39024 | 1 Ibm | 1 Guardium Data Encryption | 2022-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213862. | |||||
| CVE-2022-28545 | 1 Fudforum | 1 Fudforum | 2022-05-16 | 3.5 LOW | 5.4 MEDIUM |
| FUDforum 3.1.1 is vulnerable to Stored XSS. | |||||
| CVE-2022-1338 | 1 Commonninja | 1 Easily Generate Rest Api | 2022-05-16 | 3.5 LOW | 4.8 MEDIUM |
| The Easily Generate Rest API Url WordPress plugin through 1.0.0 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-1303 | 1 Slide Anything Project | 1 Slide Anything | 2022-05-16 | 3.5 LOW | 4.8 MEDIUM |
| The Slide Anything WordPress plugin before 2.3.44 does not sanitize and escape sliders' description, which could allow high privilege users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | |||||
| CVE-2022-1171 | 1 Vertical Scroll Recent Post Project | 1 Vertical Scroll Recent Post | 2022-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Vertical scroll recent post WordPress plugin before 14.0 does not sanitise and escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0898 | 1 Getigniteup | 1 Igniteup | 2022-05-16 | 3.5 LOW | 5.4 MEDIUM |
| The IgniteUp WordPress plugin through 3.4.1 does not sanitise and escape some fields when high privilege users don't have the unfiltered_html capability, which could lead to Stored Cross-Site Scripting issues | |||||
| CVE-2022-0874 | 1 Wp-experts | 1 Wp Social Buttons | 2022-05-16 | 3.5 LOW | 4.8 MEDIUM |
| The WP Social Buttons WordPress plugin through 2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2017-4967 | 3 Debian, Pivotal Software, Vmware | 3 Debian Linux, Rabbitmq, Rabbitmq | 2022-05-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. | |||||
| CVE-2017-4965 | 3 Debian, Pivotal Software, Vmware | 3 Debian Linux, Rabbitmq, Rabbitmq | 2022-05-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. | |||||
| CVE-2008-3023 | 2 Fswiki, Microsoft | 2 Freestyle Wiki, Internet Explorer | 2022-05-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.6.2 and earlier, and 3.6.3 dev3 and earlier development versions, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2005-1799. | |||||
| CVE-2022-28507 | 1 Bdt-121 Project | 2 Bdt-121, Bdt-121 Firmware | 2022-05-13 | 3.5 LOW | 4.8 MEDIUM |
| Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 is vulnerable to Cross Site Scripting (XSS) via Dragon path router admin page. | |||||
| CVE-2022-27183 | 1 Splunk | 1 Splunk | 2022-05-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted. | |||||