Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1234 | 1 Livehelperchat | 1 Live Helper Chat | 2022-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device. | |||||
| CVE-2020-28847 | 1 Valine.js | 1 Valine | 2022-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment. | |||||
| CVE-2022-0602 | 1 Tastyigniter | 1 Tastyigniter | 2022-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - DOM in GitHub repository tastyigniter/tastyigniter prior to 3.3.0. | |||||
| CVE-2022-27462 | 1 Wwbn | 1 Avideo | 2022-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptDevice parameter to view/include/head.php. | |||||
| CVE-2021-40374 | 1 Apperta | 1 Openeye | 2022-04-12 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability was identified in Apperta Foundation OpenEyes 3.5.1. Updating a patient's details allows remote attackers to inject arbitrary web script or HTML via the Address1 parameter. This JavaScript then executes when the patient profile is loaded, which could be used in a XSS attack. | |||||
| CVE-2022-26615 | 1 College Website Content Management System Project | 1 College Website Content Management System | 2022-04-12 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Profile Name text fields. | |||||
| CVE-2022-21662 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2022-04-12 | 3.5 LOW | 5.4 MEDIUM |
| WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. | |||||
| CVE-2018-6511 | 1 Puppet | 1 Puppet Enterprise | 2022-04-12 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. | |||||
| CVE-2022-23697 | 1 Hp | 1 Oneview | 2022-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. | |||||
| CVE-2018-6510 | 1 Puppet | 1 Puppet Enterprise | 2022-04-12 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. | |||||
| CVE-2021-43551 | 1 Osisoft | 1 Pi Vision | 2022-04-12 | 3.5 LOW | 5.4 MEDIUM |
| A remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or deletion is possible if a victim views or interacts with the infected display using Microsoft Internet Explorer. The impact affects PI System data and other data accessible with victim's user permissions. | |||||
| CVE-2020-13672 | 1 Drupal | 1 Drupal | 2022-04-12 | 2.6 LOW | 6.1 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80. | |||||
| CVE-2020-27659 | 1 Synology | 1 Safeaccess | 2022-04-12 | 3.5 LOW | 4.8 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter. | |||||
| CVE-2020-29259 | 1 Online Examination System Project | 1 Online Examination System | 2022-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the subject or feedback parameter to feedback.php. | |||||
| CVE-2021-25063 | 1 Cf7skins | 1 Contact Form 7 Skins | 2022-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Skins for Contact Form 7 WordPress plugin before 2.5.1 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-24814 | 1 Rangerstudio | 1 Directus | 2022-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript (JS) can be executed by inserting an iframe into the rich text html interface that links to a file uploaded HTML file that loads another uploaded JS file in its script tag. This satisfies the regular content security policy header, which in turn allows the file to run any arbitrary JS. This issue was resolved in version 9.7.0. As a workaround, disable the live embed in the what-you-see-is-what-you-get by adding `{ "media_live_embeds": false }` to the _Options Overrides_ option of the Rich Text HTML interface. | |||||
| CVE-2022-27441 | 1 Tpcms Project | 1 Tpcms | 2022-04-11 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box. | |||||
| CVE-2022-25618 | 1 Tms-outsource | 1 Wpdatatables Lite | 2022-04-11 | 3.5 LOW | 4.8 MEDIUM |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27 | |||||
| CVE-2022-25613 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2022-04-11 | 3.5 LOW | 5.4 MEDIUM |
| Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter. | |||||
| CVE-2022-26616 | 1 Public Knowledge Project | 1 Open Journal Systems | 2022-04-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to perform reflected cross-site scripting (XSS) attacks via crafted HTTP headers. | |||||