Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-19570 | 1 Gitlab | 1 Gitlab | 2023-03-01 | 3.5 LOW | 5.4 MEDIUM |
GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags. | |||||
CVE-2018-19574 | 1 Gitlab | 1 Gitlab | 2023-03-01 | 3.5 LOW | 5.4 MEDIUM |
GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page. | |||||
CVE-2018-19573 | 1 Gitlab | 1 Gitlab | 2023-03-01 | 3.5 LOW | 5.4 MEDIUM |
GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid. | |||||
CVE-2019-10887 | 1 Salicru | 1 Slc-20-cube3(5) | 2023-03-01 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) devices running firmware version cs121-SNMP v4.54.82.130611 allows remote attackers to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data= or /createlog.cgi?name= request. | |||||
CVE-2016-15025 | 1 Generator-hottowel Project | 1 Generator-hottowel | 2023-03-01 | N/A | 6.1 MEDIUM |
A vulnerability, which was classified as problematic, was found in generator-hottowel 0.0.11. Affected is an unknown function of the file app/templates/src/server/_app.js of the component 404 Error Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is c17092fd4103143a9ddab93c8983ace8bf174396. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221484. | |||||
CVE-2016-10867 | 1 Tipsandtricks-hq | 1 All In One Wp Security & Firewall | 2023-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages. | |||||
CVE-2015-9302 | 1 Simple Fields Project | 1 Simple Fields | 2023-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The simple-fields plugin before 1.4.11 for WordPress has XSS. | |||||
CVE-2015-9297 | 1 Wp-events-plugin | 1 Events Manager | 2023-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The events-manager plugin before 5.6 for WordPress has XSS. | |||||
CVE-2017-18559 | 1 Cformsii Project | 1 Cformsii | 2023-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The cforms2 plugin before 14.13.3 for WordPress has multiple XSS issues. | |||||
CVE-2022-4560 | 1 Joget | 1 Joget Dx | 2023-02-28 | N/A | 6.1 MEDIUM |
A vulnerability was found in Joget up to 7.0.31. It has been rated as problematic. This issue affects the function getInternalJsCssLib of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UniversalTheme.java of the component wflow-core. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.32 is able to address this issue. The name of the patch is ecf8be8f6f0cb725c18536ddc726d42a11bdaa1b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215963. | |||||
CVE-2022-4525 | 1 Sleepdata | 1 Sleepdata | 2023-02-28 | N/A | 6.1 MEDIUM |
A vulnerability has been found in National Sleep Research Resource sleepdata.org up to 58.x and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 59.0.0.rc is able to address this issue. The name of the patch is da44a3893b407087829b006d09339780919714cd. It is recommended to upgrade the affected component. The identifier VDB-215905 was assigned to this vulnerability. | |||||
CVE-2022-4524 | 1 Roots | 1 Soil | 2023-02-28 | N/A | 6.1 MEDIUM |
A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.0.x. Affected is the function language_attributes of the file src/Modules/CleanUpModule.php. The manipulation of the argument language leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 4.1.0 is able to address this issue. The name of the patch is 0c9151e00ab047da253e5cdbfccb204dd423269d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215904. | |||||
CVE-2014-10377 | 1 Cformsii Project | 1 Cformsii | 2023-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php. | |||||
CVE-2022-4495 | 1 Collective.dms.basecontent Project | 1 Collective.dms.basecontent | 2023-02-28 | N/A | 6.1 MEDIUM |
A vulnerability, which was classified as problematic, has been found in collective.dms.basecontent up to 1.6. This issue affects the function renderCell of the file src/collective/dms/basecontent/browser/column.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.7 is able to address this issue. The name of the patch is 6c4d616fcc771822a14ebae5e23f3f6d96d134bd. It is recommended to upgrade the affected component. The identifier VDB-215813 was assigned to this vulnerability. | |||||
CVE-2017-1002152 | 1 Redhat | 1 Bodhi | 2023-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles. | |||||
CVE-2019-5471 | 1 Gitlab | 1 Gitlab | 2023-02-28 | 3.5 LOW | 5.4 MEDIUM |
An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6. | |||||
CVE-2023-1067 | 1 Pimcore | 1 Pimcore | 2023-02-28 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. | |||||
CVE-2023-24651 | 1 Simple Customer Relationship Management System Project | 1 Simple Customer Relationship Management System | 2023-02-28 | N/A | 5.4 MEDIUM |
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter on the registration page. | |||||
CVE-2022-43579 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2023-02-28 | N/A | 5.4 MEDIUM |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238684. | |||||
CVE-2022-40348 | 1 Intern Record System Project | 1 Intern Record System | 2023-02-28 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'name' and 'email' parameters, allows attackers to execute arbitrary code. |