Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29530 | 1 Misp | 1 Misp | 2022-04-26 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters. | |||||
| CVE-2022-29533 | 1 Misp | 1 Misp | 2022-04-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page." | |||||
| CVE-2022-29532 | 1 Misp | 1 Misp | 2022-04-26 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it. | |||||
| CVE-2020-25163 | 1 Osisoft | 1 Pi Vision | 2022-04-26 | 4.9 MEDIUM | 7.3 HIGH |
| A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This vulnerability affects PI System data and other data accessible with victim’s user permissions. | |||||
| CVE-2022-1088 | 1 Contextureintl | 1 Page Security \& Membership | 2022-04-26 | 3.5 LOW | 4.8 MEDIUM |
| The Page Security & Membership WordPress plugin through 1.5.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-1063 | 1 Thank Me Later Project | 1 Thank Me Later | 2022-04-26 | 3.5 LOW | 4.8 MEDIUM |
| The Thank Me Later WordPress plugin through 3.3.4 does not sanitise and escape the Message Subject field before outputting it in the Messages list, which could allow high privileges users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2021-23285 | 1 Eaton | 1 Intelligent Power Manager | 2022-04-26 | 3.5 LOW | 4.8 MEDIUM |
| Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to reflected Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions. | |||||
| CVE-2021-23284 | 1 Eaton | 1 Intelligent Power Manager Infrastructure | 2022-04-26 | 3.5 LOW | 4.8 MEDIUM |
| Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to Stored Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions. | |||||
| CVE-2022-0737 | 1 Text Hover Project | 1 Text Hover | 2022-04-26 | 3.5 LOW | 4.8 MEDIUM |
| The Text Hover WordPress plugin before 4.2 does not sanitize and escape the text to hover, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-0765 | 1 Loco Translate Project | 1 Loco Translate | 2022-04-26 | 3.5 LOW | 5.4 MEDIUM |
| The Loco Translate WordPress plugin before 2.6.1 does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin (Translator and Administrator by default) to add arbitrary javascript payloads to the source strings leading to a stored cross-site scripting (XSS) vulnerability. | |||||
| CVE-2022-0780 | 1 Searchiq | 1 Searchiq | 2022-04-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The SearchIQ WordPress plugin before 3.9 contains a flag to disable the verification of CSRF nonces, granting unauthenticated attackers access to the siq_ajax AJAX action and allowing them to perform Cross-Site Scripting attacks due to the lack of sanitisation and escaping in the customCss parameter | |||||
| CVE-2022-0879 | 1 Calderaforms | 1 Caldera Forms | 2022-04-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0994 | 1 Incsub | 1 Hummingbird | 2022-04-26 | 3.5 LOW | 4.8 MEDIUM |
| The Hummingbird WordPress plugin before 3.3.2 does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-0571 | 2 Fedoraproject, Phoronix-media | 3 Extra Packages For Enterprise Linux, Fedora, Phoronix Test Suite | 2022-04-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2. | |||||
| CVE-2021-3318 | 1 Dzzoffice | 1 Dzzoffice | 2022-04-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter. | |||||
| CVE-2021-1543 | 1 Cisco | 18 Sf220-24, Sf220-24 Firmware, Sf220-24p and 15 more | 2022-04-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-28280 | 1 Php-fusion | 1 Phpfusion | 2022-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML | |||||
| CVE-2021-29209 | 1 Hp | 29 Integrated Lights-out 4, Integrated Lights-out 5, Proliant Bl460c Gen10 Server Blade and 26 more | 2022-04-25 | 3.5 LOW | 4.8 MEDIUM |
| A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78. | |||||
| CVE-2021-29210 | 1 Hp | 29 Integrated Lights-out 4, Integrated Lights-out 5, Proliant Bl460c Gen10 Server Blade and 26 more | 2022-04-25 | 3.5 LOW | 4.8 MEDIUM |
| A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78. | |||||
| CVE-2020-35204 | 1 Quest | 1 Policy Authority For Unified Communications | 2022-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the PolicyAuthority/Common/FolderControl.jsp file via the unqID parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||