Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-32160 | 1 Webmin | 1 Webmin | 2022-04-14 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature. | |||||
CVE-2021-32158 | 1 Webmin | 1 Webmin | 2022-04-14 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature. | |||||
CVE-2021-32161 | 1 Webmin | 1 Webmin | 2022-04-14 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature. | |||||
CVE-2022-1007 | 1 Elbtide | 1 Advanced Booking Calendar | 2022-04-14 | 4.3 MEDIUM | 6.1 MEDIUM |
The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue. | |||||
CVE-2022-0936 | 1 Autolabproject | 1 Autolab | 2022-04-14 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository autolab/autolab prior to 2.8.0. | |||||
CVE-2021-32157 | 1 Webmin | 1 Webmin | 2022-04-14 | 6.8 MEDIUM | 9.6 CRITICAL |
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. | |||||
CVE-2022-27961 | 1 Ofcms Project | 1 Ofcms | 2022-04-14 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box. | |||||
CVE-2021-43009 | 1 Opservices | 1 Opmon | 2022-04-14 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in OpServices OpMon through 9.11 via the search parameter in the request URL. | |||||
CVE-2022-20741 | 1 Cisco | 1 Secure Network Analytics | 2022-04-14 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability in the web-based management interface of the Network Diagrams application for Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
CVE-2022-24229 | 1 Onlyoffice | 1 Document Server | 2022-04-14 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers to inject arbitrary HTML or JavaScript through /example/editor. | |||||
CVE-2021-46437 | 1 Zzcms | 1 Zzcms | 2022-04-14 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php. | |||||
CVE-2022-27348 | 1 Socialcodia | 1 Social Codia Sms | 2022-04-14 | 3.5 LOW | 4.8 MEDIUM |
Social Codia SMS v1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field. | |||||
CVE-2022-20781 | 1 Cisco | 2 Asyncos, Web Security Appliance | 2022-04-14 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface. | |||||
CVE-2019-13209 | 1 Suse | 1 Rancher | 2022-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is accomplished, the exploiter is able to execute commands against the cluster's Kubernetes API with the permissions and identity of the victim. | |||||
CVE-2021-25313 | 1 Suse | 1 Rancher | 2022-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: SUSE Rancher Rancher versions prior to 2.5.6. | |||||
CVE-2022-27063 | 1 Aerocms Project | 1 Aerocms | 2022-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field. | |||||
CVE-2022-27062 | 1 Aerocms Project | 1 Aerocms | 2022-04-13 | 3.5 LOW | 4.8 MEDIUM |
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field. | |||||
CVE-2021-43432 | 1 Exrick | 1 Xmall | 2022-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add.jsp. | |||||
CVE-2022-27107 | 1 Orangehrm | 1 Orangehrm | 2022-04-13 | 3.5 LOW | 5.4 MEDIUM |
OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" section under "OrangeBuzz" via the GET/POST "createVideo[linkAddress]" parameter. | |||||
CVE-2021-32585 | 1 Fortinet | 1 Fortiwan | 2022-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiWAN before 4.5.9 may allow an attacker to perform a stored cross-site scripting attack via specifically crafted HTTP requests. |