Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21149 | 1 S-cart | 1 S-cart | 2022-05-11 | 3.5 LOW | 3.5 LOW |
| The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user's account through the stolen cookie. | |||||
| CVE-2022-29947 | 1 Woodpecker-ci | 1 Woodpecker | 2022-05-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping. | |||||
| CVE-2022-26325 | 1 Microfocus | 1 Netiq Access Manager | 2022-05-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2 | |||||
| CVE-2022-1282 | 1 10web | 1 Photo Gallery | 2022-05-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET['image_url'] variable, which is reflected back to the users when executing the editimage_bwg AJAX action. | |||||
| CVE-2022-28588 | 1 Springbootmovie Project | 1 Springbootmovie | 2022-05-10 | 3.5 LOW | 5.4 MEDIUM |
| In SpringBootMovie <=1.2 when adding movie names, malicious code can be stored because there are no filtering parameters, resulting in stored XSS. | |||||
| CVE-2022-28599 | 1 Thedaylightstudio | 1 Fuel Cms | 2022-05-10 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack. | |||||
| CVE-2021-32792 | 3 Apache, Fedoraproject, Zmartzone | 3 Http Server, Fedora, Mod Auth Openidc | 2022-05-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`. | |||||
| CVE-2021-41948 | 1 Intelliants | 1 Subrion | 2022-05-10 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.1 version via "List of subjects". | |||||
| CVE-2022-1526 | 1 Emlog | 1 Emlog | 2022-05-10 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Emlog Pro up to 1.2.2. This affects the POST parameter handling of articles. The manipulation with the input <script>alert(1);</script> leads to cross site scripting. It is possible to initiate the attack remotely but it requires a signup and login by the attacker. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-23065 | 1 Vendure | 1 Vendure | 2022-05-10 | 3.5 LOW | 5.4 MEDIUM |
| In Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by Stored XSS vulnerability, where an attacker having catalog permission can upload a SVG file that contains malicious JavaScript into the “Assets” tab. The uploaded file will affect administrators as well as regular users. | |||||
| CVE-2022-1175 | 1 Gitlab | 1 Gitlab | 2022-05-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes. | |||||
| CVE-2022-26565 | 1 Totaljs | 1 Content Management System | 2022-05-10 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Totaljs all versions before commit 95f54a5commit, allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page. | |||||
| CVE-2021-41810 | 1 M-files | 1 Server | 2022-05-10 | 3.5 LOW | 4.8 MEDIUM |
| Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable | |||||
| CVE-2021-39390 | 1 Partkeepr | 1 Partkeepr | 2022-05-10 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter. | |||||
| CVE-2021-25102 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2022-05-10 | 2.6 LOW | 4.7 MEDIUM |
| The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redirect as well as Cross-Site Scripting issue. Exploitation of this issue requires the Login Page URL value to be known, which should be hard to guess, reducing the risk | |||||
| CVE-2022-29444 | 1 Cloudways | 1 Breeze | 2022-05-09 | 3.5 LOW | 5.4 MEDIUM |
| Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack. | |||||
| CVE-2020-23617 | 1 Totolink | 4 N100re, N100re Firmware, N200re and 1 more | 2022-05-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element. | |||||
| CVE-2021-36844 | 1 Mythemeshop | 1 Wp Subscribe | 2022-05-09 | 3.5 LOW | 4.8 MEDIUM |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress. | |||||
| CVE-2022-28589 | 1 Pixelimity | 1 Pixelimity | 2022-05-09 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=add_new | |||||
| CVE-2020-23618 | 1 Xtendtech | 1 Voice Logger | 2022-05-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross site scripting (XSS) vulnerability in Xtend Voice Logger 1.0 allows attackers to execute arbitrary web scripts or HTML, via the path of the error page. | |||||