Total: 21765 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-10241 | 4 Apache, Debian, Eclipse and 1 more | 7 Activemq, Drill, Debian Linux and 4 more | 2022-04-22 | 4.3 MEDIUM | 6.1 MEDIUM |
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client uses a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a listing of directory contents. | |||||
CVE-2020-13959 | 2 Apache, Debian | 2 Velocity Tools, Debian Linux | 2022-04-22 | 4.3 MEDIUM | 6.1 MEDIUM |
The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim or for phishing attacks. | |||||
CVE-2020-35240 | 1 Fluxbb | 1 Fluxbb | 2022-04-22 | 3.5 LOW | 4.8 MEDIUM |
FluxBB 1.5.11 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject an XSS payload in "Blog Content"; each time any user visits the blog, the XSS triggers and the attacker is able to steal the cookie according to the crafted payload. | |||||
CVE-2022-24855 | 1 Metabase | 1 Metabase | 2022-04-22 | 3.5 LOW | 5.4 MEDIUM |
Metabase is an open source business intelligence and analytics application. In affected versions Metabase ships with an internal development endpoint `/_internal` that can allow for cross site scripting (XSS) attacks, potentially leading to phishing attempts with malicious links that could lead to account takeover. Users are advised to either upgrade immediately, or block access in your firewall to `/_internal` endpoints for Metabase. The following patches (or greater versions) are available: 0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8. | |||||
CVE-2021-25161 | 2 Arubanetworks, Siemens | 3 Instant, Scalance W1750d, Scalance W1750d Firmware | 2022-04-22 | 4.3 MEDIUM | 6.1 MEDIUM |
A remote cross-site scripting (XSS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | |||||
CVE-2021-26078 | 1 Atlassian | 3 Data Center, Jira, Jira Server | 2022-04-22 | 4.3 MEDIUM | 6.1 MEDIUM |
The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. | |||||
CVE-2022-26624 | 1 Ecommerce Codeigniter Bootstrap Project | 1 Ecommerce Codeigniter Bootstrap | 2022-04-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Bootstrap v3.1.11 and v3.3.7 were discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php. | |||||
CVE-2022-26594 | 1 Liferay | 1 Liferay Portal | 2022-04-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to (1) Forms module's form builder, or (2) App Builder module's object form view's form builder. | |||||
CVE-2022-27848 | 1 Webnus | 1 Modern Events Calendar Lite | 2022-04-22 | 3.5 LOW | 4.8 MEDIUM |
Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1 | |||||
CVE-2021-36828 | 1 Wp Maintenance Project | 1 Wp Maintenance | 2022-04-21 | 3.5 LOW | 4.8 MEDIUM |
Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance (WordPress plugin) <= 6.0.4 affects multiple inputs. | |||||
CVE-2022-27258 | 1 Hubzilla | 1 Hubzilla | 2022-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 and earlier allow a remote attacker to include arbitrary web script or HTML via the rpath parameter. | |||||
CVE-2022-27505 | 1 Citrix | 24 Sd-wan 1000, Sd-wan 1000 Firmware, Sd-wan 110 and 21 more | 2022-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected cross site scripting (XSS) | |||||
CVE-2022-1351 | 1 Pimcore | 1 Pimcore | 2022-04-21 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4. | |||||
CVE-2021-43154 | 1 Cmsmadesimple | 1 Cms Made Simple | 2022-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php. | |||||
CVE-2021-43633 | 1 Messaging Web Application Project | 1 Messaging Web Application | 2022-04-21 | 3.5 LOW | 5.4 MEDIUM |
Sourcecodester Messaging Web Application 1.0 is vulnerable to stored XSS. If a sender inserts valid scripts into the chat, the script will be executed on the receiver chat. | |||||
CVE-2022-21145 | 1 Lansweeper | 1 Lansweeper | 2022-04-21 | 3.5 LOW | 4.8 MEDIUM |
A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2020-25158 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2022-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to inject arbitrary web script or HTML into various locations. | |||||
CVE-2016-1000133 | 1 Designsandcode | 1 Forget About Shortcode Buttons | 2022-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in WordPress plugin forget-about-shortcode-buttons v1.1.1 | |||||
CVE-2016-1000136 | 1 Heat-trackr Project | 1 Heat-trackr | 2022-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in WordPress plugin heat-trackr v1.0 | |||||
CVE-2022-22182 | 1 Juniper | 1 Junos | 2022-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S10, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 versions prior to 19.2R1-S8, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2; 21.2 versions prior to 21.2R1-S1, 21.2R2. |