Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-29811 | 1 Jetbrains | 1 Hub | 2022-05-05 | 3.5 LOW | 4.8 MEDIUM |
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. | |||||
CVE-2022-29817 | 1 Jetbrains | 1 Intellij Idea | 2022-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible. | |||||
CVE-2022-27103 | 1 Element-plus | 1 Element-plus | 2022-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column. | |||||
CVE-2022-1396 | 1 Donorbox | 1 Donorbox | 2022-05-05 | 3.5 LOW | 4.8 MEDIUM |
The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting them in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed. | |||||
CVE-2022-28094 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the fid parameter at booking.php. | |||||
CVE-2022-26564 | 1 Digitaldruid | 1 Hoteldruid | 2022-05-04 | 4.3 MEDIUM | 6.1 MEDIUM |
HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php. | |||||
CVE-2022-29415 | 1 Ravpage Project | 1 Ravpage | 2022-05-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer's Ravpage plugin <= 2.16 at WordPress. | |||||
CVE-2022-28448 | 1 Nopcommerce | 1 Nopcommerce | 2022-05-04 | 3.5 LOW | 5.4 MEDIUM |
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject JavaScript code into First name or Last name at Customer Info. | |||||
CVE-2022-28449 | 1 Nopcommerce | 1 Nopcommerce | 2022-05-04 | 4.3 MEDIUM | 6.1 MEDIUM |
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). In the Apply for vendor account feature, an attacker can upload an arbitrary file to the system. | |||||
CVE-2022-28450 | 1 Nopcommerce | 1 Nopcommerce | 2022-05-04 | 3.5 LOW | 5.4 MEDIUM |
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code in the client browser. | |||||
CVE-2022-28522 | 1 Zcms Project | 1 Zcms | 2022-05-04 | 3.5 LOW | 5.4 MEDIUM |
ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add. | |||||
CVE-2021-41161 | 1 Combodo | 1 Itop | 2022-05-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Combodo iTop is a web-based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page doesn't properly escape the user-supplied parameters, allowing for JavaScript injection into rendered CSV files. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
CVE-2022-20778 | 1 Cisco | 1 Webex Meetings | 2022-05-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the authentication component of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the authentication component of Cisco Webex Meetings. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
CVE-2022-1458 | 1 Open-emr | 1 Openemr | 2022-05-04 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1. | |||||
CVE-2022-1457 | 1 Facturascripts | 1 Facturascripts | 2022-05-04 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS in title parameter executing at EditUser page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account. | |||||
CVE-2022-20788 | 1 Cisco | 2 Unified Communications Manager, Unity Connection | 2022-05-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. | |||||
CVE-2022-22345 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-05-04 | 3.5 LOW | 4.8 MEDIUM |
IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220041. | |||||
CVE-2022-26673 | 1 Asus | 2 Rt-ax88u, Rt-ax88u Firmware | 2022-05-04 | 3.5 LOW | 5.4 MEDIUM |
ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform Stored Cross-Site Scripting (XSS) attacks. | |||||
CVE-2022-28367 | 1 Antisamy Project | 1 Antisamy | 2022-05-03 | 4.3 MEDIUM | 6.1 MEDIUM |
OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. | |||||
CVE-2022-28074 | 1 Fit2cloud | 1 Halo | 2022-05-03 | 3.5 LOW | 4.8 MEDIUM |
Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html#/system/tools. |