Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-9496 | 1 Apache | 1 Ofbiz | 2022-04-05 | 4.3 MEDIUM | 6.1 MEDIUM |
XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03 | |||||
CVE-2022-1086 | 1 Dolphinphp Project | 1 Dolphinphp | 2022-04-05 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability was found in DolphinPHP up to 1.5.0 and classified as problematic. Affected by this issue is the User Management Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-23800 | 1 Joomla | 1 Joomla! | 2022-04-05 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components. | |||||
CVE-2022-23796 | 1 Joomla | 1 Joomla! | 2022-04-05 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields. | |||||
CVE-2022-23801 | 1 Joomla | 1 Joomla! | 2022-04-05 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS attack vector through SVG embedding in com_media. | |||||
CVE-2022-24135 | 1 Qingscan Project | 1 Qingscan | 2022-04-05 | 4.3 MEDIUM | 6.1 MEDIUM |
QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability in all search functions. | |||||
CVE-2022-1076 | 1 Automatic Question Paper Generator System Project | 1 Automatic Question Paper Generator System | 2022-04-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability was found in Automatic Question Paper Generator System 1.0. It has been classified as problematic. This affects the file /aqpg/users/login.php of the component My Account Page. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. | |||||
CVE-2022-1075 | 1 College Website Management System Project | 1 College Website Management System | 2022-04-04 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability was found in College Website Management System 1.0 and classified as problematic. Affected by this issue is the file /cwms/classes/Master.php?f=save_contact of the component Contact Handler. The manipulation leads to persistent cross site scripting. The attack may be launched remotely and requires authentication. | |||||
CVE-2022-28149 | 1 Jenkins | 1 Job And Node Ownership | 2022-04-04 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-1079 | 1 One Church Management System Project | 1 One Church Management System | 2022-04-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability classified as problematic has been found in SourceCodester One Church Management System. Affected are multiple files and parameters which are prone to cross site scripting. It is possible to launch the attack remotely. | |||||
CVE-2022-28145 | 1 Jenkins | 1 Continuous Integration With Toad Edge | 2022-04-04 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) exploitable by attackers with Item/Configure permission or otherwise able to control report contents. | |||||
CVE-2022-1181 | 1 Open-emr | 1 Openemr | 2022-04-04 | 3.5 LOW | 5.4 MEDIUM |
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. | |||||
CVE-2022-1180 | 1 Open-emr | 1 Openemr | 2022-04-04 | 3.5 LOW | 3.5 LOW |
Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. | |||||
CVE-2022-1179 | 1 Open-emr | 1 Openemr | 2022-04-04 | 3.5 LOW | 5.4 MEDIUM |
A non-privileged user can create a new rule, leading to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. | |||||
CVE-2022-1178 | 1 Open-emr | 1 Openemr | 2022-04-04 | 3.5 LOW | 5.4 MEDIUM |
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. | |||||
CVE-2022-1074 | 1 Tem | 2 Flex-1085, Flex-1085 Firmware | 2022-04-04 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Using the input `<h1>HTML Injection</h1>` in the WiFi settings of the dashboard leads to html injection. | |||||
CVE-2022-0680 | 1 Plezi | 1 Plezi | 2022-04-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plz_configuration_tracker_enable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue | |||||
CVE-2022-0397 | 1 Wpclever | 1 Wpc Smart Wishlist For Woocommerce | 2022-04-04 | 3.5 LOW | 5.4 MEDIUM |
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlist_quickview AJAX action's response (available to any authenticated user), leading to a Reflected Cross-Site Scripting | |||||
CVE-2021-25071 | 1 Inpsyde | 1 Akismet Privacy Policies | 2022-04-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The WordPress plugin through 2.0.1 does not sanitise and escape the translation parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | |||||
CVE-2021-42970 | 1 Cxuu | 1 Cxuucms | 2022-04-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter. |