Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2019-8450 | 1 Atlassian | 1 Jira Server | 2022-03-25 | 3.5 LOW | 4.8 MEDIUM | Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0, allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a custom field.
CVE-2019-3402 | 1 Atlassian | 2 Jira, Jira Server | 2022-03-25 | 4.3 MEDIUM | 6.1 MEDIUM | The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
CVE-2019-14996 | 1 Atlassian | 1 Jira Server | 2022-03-25 | 4.3 MEDIUM | 6.1 MEDIUM | The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3, allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
CVE-2022-23598 | 2 Fedoraproject, Getlaminas | 2 Fedora, Laminas-form | 2022-03-25 | 4.3 MEDIUM | 6.1 MEDIUM | laminas-form is a package for validating and displaying simple and complex forms. When rendering validation error messages via the `formElementErrors()` view helper shipped with laminas-form, many messages will contain the submitted value. However, in laminas-form prior to version 3.1.1, the value was not being escaped for HTML contexts, which could potentially lead to a reflected cross-site scripting attack. Versions 3.1.1 and above contain a patch to mitigate the vulnerability. A workaround is available: one may manually place code at the top of a view script where one calls the `formElementErrors()` view helper. More information about this workaround is available in the GitHub Security Advisory.
CVE-2022-27213 | 1 Jenkins | 1 Environment Dashboard | 2022-03-25 | 3.5 LOW | 5.4 MEDIUM | Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.
CVE-2022-25605 | 1 Wp-downloadmanager Project | 1 Wp-downloadmanager | 2022-03-24 | 3.5 LOW | 5.4 MEDIUM | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in the WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters: &download_path, &download_path_url, &download_page_url.
CVE-2022-25603 | 1 Maxfoundry | 1 Maxgalleria | 2022-03-24 | 3.5 LOW | 4.8 MEDIUM | Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in the MaxGalleria WordPress plugin (versions 6.2.5).
CVE-2022-0758 | 1 Rapid7 | 1 Nexpose | 2022-03-24 | 4.3 MEDIUM | 6.1 MEDIUM | Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130.
CVE-2021-24343 | 1 Iflychat | 1 Iflychat | 2022-03-24 | 3.5 LOW | 4.8 MEDIUM | The iFlyChat WordPress plugin before 4.7.0 does not sanitise its APP ID setting before outputting it back in the page, leading to an authenticated Stored Cross-Site Scripting issue.
CVE-2021-45792 | 1 Slims | 1 Senayan Library Management System | 2022-03-23 | 3.5 LOW | 4.8 MEDIUM | Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php.
CVE-2022-25489 | 1 Thedigitalcraft | 1 Atomcms | 2022-03-23 | 3.5 LOW | 5.4 MEDIUM | Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php.
CVE-2022-27196 | 1 Jenkins | 1 Favorite | 2022-03-23 | 3.5 LOW | 5.4 MEDIUM | Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions.
CVE-2022-27197 | 1 Jenkins | 1 Dashboard View | 2022-03-23 | 3.5 LOW | 5.4 MEDIUM | Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views.
CVE-2022-27207 | 1 Jenkins | 1 Global-build-stats | 2022-03-23 | 3.5 LOW | 4.8 MEDIUM | Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.
CVE-2022-0161 | 1 Ari-soft | 1 Ari Fancy Lightbox | 2022-03-23 | 4.3 MEDIUM | 6.1 MEDIUM | The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue.
CVE-2022-27202 | 1 Jenkins | 1 Extended Choice Parameter | 2022-03-23 | 3.5 LOW | 5.4 MEDIUM | Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-27200 | 1 Jenkins | 1 Folder-based Authorization Strategy | 2022-03-22 | 3.5 LOW | 4.8 MEDIUM | Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.
CVE-2022-0956 | 1 Showdoc | 1 Showdoc | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM | Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4.
CVE-2022-0957 | 1 Showdoc | 1 Showdoc | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM | Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
CVE-2022-0942 | 1 Showdoc | 1 Showdoc | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM | Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4.