Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-22181 | 1 Juniper | 1 Junos | 2022-04-21 | 3.5 LOW | 5.4 MEDIUM |
A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web. This may allow the attacker to gain control of the device or attack other authenticated user sessions. This issue affects: Juniper Networks Junos OS All versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. | |||||
CVE-2021-45228 | 1 Coins-global | 1 Coins Construction Cloud | 2022-04-21 | 3.5 LOW | 5.4 MEDIUM |
An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is reflected back to the user. | |||||
CVE-2021-45227 | 1 Coins-global | 1 Coins Construction Cloud | 2022-04-21 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack. | |||||
CVE-2022-27503 | 1 Citrix | 1 Storefront Server | 2022-04-20 | 2.6 LOW | 6.1 MEDIUM |
Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9. | |||||
CVE-2021-42136 | 1 Vanderbilt | 1 Redcap | 2022-04-20 | 3.5 LOW | 9.0 CRITICAL |
A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request Forgery attack to escalate privileges to administrator. | |||||
CVE-2022-1330 | 1 Fullpage Project | 1 Fullpage | 2022-04-20 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS due to unsanitized anchor URL in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. | |||||
CVE-2022-29045 | 1 Jenkins | 1 Promoted Builds | 2022-04-20 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Promoted Builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-29038 | 1 Jenkins | 1 Extended Choice Parameter | 2022-04-20 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-29044 | 1 Jenkins | 1 Node And Label Parameter | 2022-04-20 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of Node and Label parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-29043 | 1 Jenkins | 1 Mask Passwords | 2022-04-20 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-29042 | 1 Jenkins | 1 Job Generator | 2022-04-20 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-29041 | 1 Jenkins | 1 Jira | 2022-04-20 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-29040 | 1 Jenkins | 1 Git Parameter | 2022-04-20 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-29037 | 1 Jenkins | 1 Cvs | 2022-04-20 | 3.5 LOW | 5.4 MEDIUM |
Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-29039 | 1 Jenkins | 1 Gerrit Trigger | 2022-04-20 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-29036 | 1 Jenkins | 1 Credentials | 2022-04-20 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-26144 | 1 Mantisbt | 1 Mantisbt | 2022-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is installed. | |||||
CVE-2020-29653 | 1 Froxlor | 1 Froxlor | 2022-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags. | |||||
CVE-2022-27475 | 1 Hotel Management System Project | 1 Hotel Management System | 2022-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system allows attackers to execute arbitrary code when /admin.php is loaded. | |||||
CVE-2022-28216 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2022-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network. On successful exploitation, an attacker can access certain reports causing a limited impact on confidentiality of the application data. |