Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-42867 | 1 Htmly | 1 Htmly | 2022-04-07 | 3.5 LOW | 4.8 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in DanPros htmly 2.8.1 via the Description field in (1) admin/config, and (2) index.php pages. | |||||
CVE-2017-5069 | 5 Apple, Google, Linux and 2 more | 8 Macos, Android, Chrome and 5 more | 2022-04-06 | 4.3 MEDIUM | 6.1 MEDIUM |
Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to circumvent Cross-Origin Resource Sharing checks via a crafted HTML page. | |||||
CVE-2021-43505 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-04-06 | 3.5 LOW | 5.4 MEDIUM |
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Sourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice. | |||||
CVE-2021-43707 | 1 Maccms | 1 Maccms | 2022-04-06 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter. | |||||
CVE-2021-44082 | 1 Textpattern | 1 Textpattern | 2022-04-06 | 5.1 MEDIUM | 8.3 HIGH |
textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request. | |||||
CVE-2019-17091 | 2 Eclipse, Oracle | 23 Mojarra, Application Testing Suite, Banking Enterprise Product Manufacturing and 20 more | 2022-04-06 | 4.3 MEDIUM | 6.1 MEDIUM |
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled. | |||||
CVE-2017-18635 | 4 Canonical, Debian, Novnc and 1 more | 4 Ubuntu Linux, Debian Linux, Novnc and 1 more | 2022-04-06 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. | |||||
CVE-2020-6392 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2022-04-06 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | |||||
CVE-2021-35208 | 1 Zimbra | 1 Collaboration | 2022-04-06 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document. | |||||
CVE-2003-5003 | 1 Ibm | 1 Iss Blackice Pc Protection | 2022-04-05 | 4.3 MEDIUM | 6.1 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknown input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2022-26947 | 1 Rsa | 1 Archer | 2022-04-05 | 3.5 LOW | 5.4 MEDIUM |
Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application. | |||||
CVE-2022-1087 | 1 Htmly | 1 Htmly | 2022-04-05 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability, which was classified as problematic, has been found in htmly 5.3 which affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires an authentication. A simple POC has been disclosed to the public and may be used. | |||||
CVE-2022-1085 | 1 Cltphp | 1 Cltphp | 2022-04-05 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability was found in CLTPHP up to 6.0. It has been declared as problematic. Affected by this vulnerability is the POST Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-26951 | 1 Rsa | 1 Archer | 2022-04-05 | 4.3 MEDIUM | 6.1 MEDIUM |
Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application. | |||||
CVE-2022-24131 | 1 Douco | 1 Douphp | 2022-04-05 | 4.3 MEDIUM | 6.1 MEDIUM |
DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution. | |||||
CVE-2021-46108 | 1 Dlink | 2 Dsl-2730e, Dsl-2730e Firmware | 2022-04-05 | 3.5 LOW | 5.4 MEDIUM |
D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration. | |||||
CVE-2017-1002201 | 2 Debian, Haml | 2 Debian Linux, Haml | 2022-04-05 | 4.3 MEDIUM | 6.1 MEDIUM |
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code. | |||||
CVE-2021-35490 | 1 Thruk | 1 Thruk | 2022-04-05 | 3.5 LOW | 5.4 MEDIUM |
Thruk before 2.44 allows XSS for a quick command. | |||||
CVE-2021-43661 | 1 Totolink | 2 Ex300 V2, Ex300 V2 Firmware | 2022-04-05 | 4.3 MEDIUM | 6.1 MEDIUM |
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp. | |||||
CVE-2022-26644 | 1 Banking System Project | 1 Banking System | 2022-04-05 | 4.3 MEDIUM | 6.1 MEDIUM |
Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management. |