Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0970 | 1 Getgrav | 1 Grav | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31. | |||||
CVE-2022-0964 | 1 Showdoc | 1 Showdoc | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS via .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4. | |||||
CVE-2022-0965 | 1 Showdoc | 1 Showdoc | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS via .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4. | |||||
CVE-2022-0966 | 1 Showdoc | 1 Showdoc | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10. | |||||
CVE-2022-0963 | 1 Microweber | 1 Microweber | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12. | |||||
CVE-2021-42552 | 1 Archivista | 1 Archivistabox | 2022-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient allows an attacker to craft a malicious link, executing JavaScript in the context of a victim's browser. This issue affects all ArchivistaBox versions prior to 2022/I. | |||||
CVE-2021-45787 | 1 Maccms | 1 Maccms | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks. | |||||
CVE-2022-0986 | 1 Hestiacp | 1 Control Panel | 2022-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11. | |||||
CVE-2021-33853 | 1 X2engine | 1 X2crm | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself. Additionally, the XSS payload is executed when the user attempts to access any page of the CRM. | |||||
CVE-2022-0704 | 1 Pimcore | 1 Pimcore | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | |||||
CVE-2022-0911 | 1 Pimcore | 1 Pimcore | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | |||||
CVE-2022-0705 | 1 Pimcore | 1 Pimcore | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | |||||
CVE-2022-27212 | 1 Jenkins | 1 List Git Branches Parameter | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-24749 | 1 Sylius | 1 Sylius | 2022-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting (XSS) code in the admin panel. In order to perform an XSS attack, the file itself has to be open in a new card or loaded outside of the IMG tag. The problem applies both to the files opened on the admin panel and shop pages. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. As a workaround, require a library that adds on-upload file sanitization and overwrite the service before writing the file to the filesystem. The GitHub Security Advisory contains more specific information about the workaround. | |||||
CVE-2022-0928 | 1 Microweber | 1 Microweber | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12. | |||||
CVE-2022-25507 | 1 Freetakserver-ui Project | 1 Freetakserver-ui | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter. | |||||
CVE-2021-39055 | 1 Ibm | 1 Spectrum Copy Data Management | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214534. | |||||
CVE-2022-0962 | 1 Showdoc | 1 Showdoc | 2022-03-22 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS via .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4. | |||||
CVE-2022-0648 | 1 I13websolution | 1 Team Circle Image Slider With Lightbox | 2022-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-0601 | 1 Edmonsoft | 1 Countdown, Coming Soon, Maintenance - Countdown & Clock | 2022-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |