Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21830 | 1 Rocket.chat | 1 Livechat | 2022-04-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| A blind self XSS vulnerability exists in RocketChat LiveChat <v1.9 that could allow an attacker to trick a victim pasting malicious code in their chat instance. | |||||
| CVE-2021-43459 | 1 Rumble Mail Server Project | 1 Rumble Mail Server | 2022-04-08 | 3.5 LOW | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters. | |||||
| CVE-2021-43461 | 1 Rumble Mail Server Project | 1 Rumble Mail Server | 2022-04-08 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the servername parameter. | |||||
| CVE-2022-24181 | 1 Public Knowledge Project | 1 Open Journal Systems | 2022-04-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitary code via the X-Forwarded-Host Header. | |||||
| CVE-2020-35475 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2022-04-08 | 5.0 MEDIUM | 7.5 HIGH |
| In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.) | |||||
| CVE-2022-27920 | 2 Fedoraproject, Kiwix | 2 Fedora, Libkiwix | 2022-04-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0. | |||||
| CVE-2008-10001 | 1 Pro2col | 1 Stingray Fts | 2022-04-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in Pro2col Stingray FTS. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2022-23059 | 1 Shopizer | 1 Shopizer | 2022-04-08 | 3.5 LOW | 4.8 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code. | |||||
| CVE-2020-8542 | 1 Open-xchange | 1 Open-xchange Appsuite | 2022-04-08 | 3.5 LOW | 5.4 MEDIUM |
| OX App Suite through 7.10.3 allows XSS. | |||||
| CVE-2020-8549 | 1 Machothemes | 1 Strong Testimonials | 2022-04-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens. | |||||
| CVE-2021-44310 | 1 Firmware Analysis And Comparison Tool Project | 1 Firmware Analysis And Comparison Tool | 2022-04-07 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in user creation functionality. | |||||
| CVE-2021-20729 | 2 Netgate, Pfsense | 2 Pfsense Plus, Pfsense | 2022-04-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL. | |||||
| CVE-2022-27496 | 1 Zero-channel Plus Project | 1 Zero-channel Plus | 2022-04-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-42866 | 1 Pixelimity | 1 Pixelimity | 2022-04-07 | 3.5 LOW | 4.8 MEDIUM |
| A Cross Site Scripting vulnerabilty exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php | |||||
| CVE-2021-42868 | 1 Chikitsa | 1 Patient Management Software | 2022-04-07 | 3.5 LOW | 4.8 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 in the first_name parameter in (1) patient/insert, (2) patient_report, (3) appointment_report, (4) visit_report, and (5) bill_detail_report pages. . | |||||
| CVE-2021-32797 | 1 Jupyter | 1 Jupyterlab | 2022-04-07 | 6.8 MEDIUM | 9.6 CRITICAL |
| JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn’t sanitize the action attribute of html `<form>`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook. | |||||
| CVE-2022-23136 | 1 Zte | 2 Zxhn F680, Zxhn F680 Firmware | 2022-04-07 | 3.5 LOW | 5.4 MEDIUM |
| There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page. | |||||
| CVE-2022-25620 | 1 Profelis | 1 Sambabox | 2022-04-07 | 3.5 LOW | 9.0 CRITICAL |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute arbitrary codes on the vulnerable server. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86. | |||||
| CVE-2021-42946 | 1 Htmly | 1 Htmly | 2022-04-07 | 3.5 LOW | 4.8 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page. | |||||
| CVE-2021-42869 | 1 Chikitsa | 1 Patient Management Software | 2022-04-07 | 3.5 LOW | 4.8 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 via the last_name parameter in the (1) patient/insert, (2) patient_report, (3) /appointment_report, (4) visit_report, and (5) /bill_detail_report pages. | |||||