Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-10007 | 1 Buddystream Project | 1 Buddystream | 2023-02-28 | N/A | 6.1 MEDIUM |
A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file ShareBox.php. The manipulation of the argument content/link/shares leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.8 is able to address this issue. The name of the patch is 7d5b9a89a27711aad76fd55ab4cc4185b545a1d0. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221479. | |||||
CVE-2022-48115 | 1 Jspreadsheet | 1 Jspreadsheet | 2023-02-28 | N/A | 6.1 MEDIUM |
The dropdown menu in jspreadsheet before v4.6.0 was discovered to be vulnerable to cross-site scripting (XSS). | |||||
CVE-2020-5000 | 1 Ibm | 1 Financial Transaction Manager | 2023-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192952. | |||||
CVE-2019-11559 | 1 Hrworks | 1 Hrworks | 2023-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16.1 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to the Login component. | |||||
CVE-2014-125088 | 1 Qt-users | 1 Silk | 2023-02-28 | N/A | 6.1 MEDIUM |
A vulnerability was found in qt-users-jp silk 0.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file contents/root/examples/header.qml. The manipulation of the argument model.key/model.value leads to cross site scripting. The attack can be initiated remotely. The name of the patch is bbc5d6eeea800025ef29edda3fd3c57836239eae. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221488. | |||||
CVE-2015-10080 | 1 Nrel | 1 Api Umbrella | 2023-02-28 | N/A | 6.1 MEDIUM |
A vulnerability was found in NREL api-umbrella-web 0.7.1. It has been classified as problematic. This affects an unknown part of the component Admin Data Table Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 0.8.0 is able to address this issue. The name of the patch is f53a9fb87e10c457f0f3dd4f2af24d3b2f21b3ca. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221487. | |||||
CVE-2022-2113 | 1 Inventree Project | 1 Inventree | 2023-02-28 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.7.2. | |||||
CVE-2016-10961 | 1 Inkthemes | 1 Colorway | 2023-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter. | |||||
CVE-2019-10395 | 1 Jenkins | 1 Build Environment | 2023-02-28 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties. | |||||
CVE-2019-10396 | 1 Jenkins | 1 Dashboard View | 2023-02-28 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions. | |||||
CVE-2019-1010124 | 1 Webappick | 1 Woocommerce Product Feed | 2023-02-28 | 3.5 LOW | 5.4 MEDIUM |
WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: Cross Site Scripting (XSS). The impact is: XSS to RCE via editing theme files in WordPress. The component is: admin/partials/woo-feed-manage-list.php:63. The attack vector is: Administrator must be logged in. | |||||
CVE-2019-7553 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2023-02-28 | 3.5 LOW | 5.4 MEDIUM |
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has Stored XSS in the Profile Update page via the My Name field. | |||||
CVE-2023-23922 | 1 Moodle | 1 Moodle | 2023-02-28 | N/A | 6.1 MEDIUM |
The vulnerability was found in Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks. | |||||
CVE-2023-23921 | 1 Moodle | 1 Moodle | 2023-02-28 | N/A | 6.1 MEDIUM |
The vulnerability was found in Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks. | |||||
CVE-2020-4051 | 3 Debian, Netapp, Openjsf | 6 Debian Linux, Active Iq Unified Manager, Oncommand Insight and 3 more | 2023-02-28 | 3.5 LOW | 5.4 MEDIUM |
In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3. | |||||
CVE-2018-3717 | 1 Sencha | 1 Connect | 2023-02-28 | 3.5 LOW | 5.4 MEDIUM |
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware. | |||||
CVE-2018-3755 | 1 Sexstatic Project | 1 Sexstatic | 2023-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with `<iframe>` element used in directory name. | |||||
CVE-2018-3769 | 1 Ruby-grape | 1 Grape | 2023-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via "format" parameter. | |||||
CVE-2018-3763 | 1 Nextcloud | 1 Calendar | 2023-02-28 | 3.5 LOW | 4.8 MEDIUM |
In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins. | |||||
CVE-2021-37373 | 1 Teradek | 2 Slice, Slice Firmware | 2023-02-28 | N/A | 5.4 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Slice 1st generation firmware 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware updates to address this issue. |