Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-25575 | 1 Hongmen | 1 Parking Management System | 2022-03-29 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes. | |||||
CVE-2022-0955 | 1 Pimcore | 1 Data-hub | 2022-03-29 | 3.5 LOW | 4.8 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data-hub prior to 1.2.4. | |||||
CVE-2021-39491 | 1 Rengine Project | 1 Rengine | 2022-03-29 | 3.5 LOW | 5.4 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box. | |||||
CVE-2022-0145 | 1 Fork-cms | 1 Fork Cms | 2022-03-29 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1. | |||||
CVE-2022-1002 | 1 Mattermost | 1 Mattermost | 2022-03-29 | 3.5 LOW | 5.4 MEDIUM |
Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations. | |||||
CVE-2022-25269 | 1 Passwork | 1 Passwork | 2022-03-29 | 4.3 MEDIUM | 6.1 MEDIUM |
Passwork On-Premise Edition before 4.6.13 has multiple XSS issues. | |||||
CVE-2022-0858 | 1 Mcafee | 1 Epolicy Orchestrator | 2022-03-29 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in. | |||||
CVE-2022-0857 | 1 Mcafee | 1 Epolicy Orchestrator | 2022-03-29 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in. | |||||
CVE-2022-0750 | 1 Thriveweb | 1 Photoswipe Masonry Gallery | 2022-03-28 | 3.5 LOW | 5.4 MEDIUM |
The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_image_height parameters found in the ~/photoswipe-masonry.php file which allows authenticated attackers to inject arbitrary web scripts into galleries created by the plugin and on the PhotoSwipe Options page. This affects versions up to and including 1.2.14. | |||||
CVE-2022-0834 | 1 Wpamelia | 1 Amelia | 2022-03-28 | 3.5 LOW | 5.4 MEDIUM |
The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the lastName parameter found in the ~/src/Application/Controller/User/Customer/AddCustomerController.php file, which allows attackers to inject arbitrary web scripts onto a page that execute whenever a user accesses the booking calendar with the date the attacker has injected the malicious payload into. This affects versions up to and including 1.0.46. | |||||
CVE-2022-25221 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2022-03-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Money Transfer Management System Version 1.0 allows an attacker to inject JavaScript code in the URL and then trick a user into visiting the link in order to execute JavaScript code. | |||||
CVE-2022-25609 | 1 Yooslider | 1 Yoo Slider | 2022-03-28 | 3.5 LOW | 5.4 MEDIUM |
Stored Cross-Site Scripting (XSS) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers with contributor or higher user role to inject the malicious code. | |||||
CVE-2021-33961 | 1 Enhanced-github Project | 1 Enhanced-github | 2022-03-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in enhanced-github v5.0.11 via the file name parameter. | |||||
CVE-2022-0475 | 1 Otrs | 1 Otrs | 2022-03-28 | 3.5 LOW | 5.4 MEDIUM |
A malicious translator is able to inject JavaScript code in a few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions. | |||||
CVE-2022-26555 | 1 Eova | 1 Eova | 2022-03-28 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the Add a Button function of Eova v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the button name text box. | |||||
CVE-2022-26246 | 1 Tms Project | 1 Tms | 2022-03-28 | 4.3 MEDIUM | 6.1 MEDIUM |
TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /TMS/admin/setting/mail/createorupdate. | |||||
CVE-2022-0640 | 1 Wpdevart | 1 Pricing Table Builder | 2022-03-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-25464 | 1 Html-js | 1 Doracms | 2022-03-28 | 3.5 LOW | 4.8 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
CVE-2022-0628 | 1 Accesspressthemes | 1 Ap Mega Menu | 2022-03-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-0627 | 1 Tms-outsource | 1 Amelia | 2022-03-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The Amelia WordPress plugin before 1.0.47 does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |