Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0930 | 1 Microweber | 1 Microweber | 2022-03-18 | 3.5 LOW | 4.8 MEDIUM |
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. | |||||
CVE-2022-0929 | 1 Microweber | 1 Microweber | 2022-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11. | |||||
CVE-2021-44585 | 1 Jeecg | 1 Jeecg Boot | 2022-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event. | |||||
CVE-2022-0937 | 1 Showdoc | 1 Showdoc | 2022-03-18 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4. | |||||
CVE-2022-0938 | 1 Showdoc | 1 Showdoc | 2022-03-18 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4. | |||||
CVE-2022-0341 | 1 B3log | 1 Vditor | 2022-03-18 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12. | |||||
CVE-2022-0940 | 1 Showdoc | 1 Showdoc | 2022-03-18 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. | |||||
CVE-2022-0941 | 1 Showdoc | 1 Showdoc | 2022-03-18 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. | |||||
CVE-2022-0946 | 1 Showdoc | 1 Showdoc | 2022-03-18 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS via cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4. | |||||
CVE-2022-0822 | 1 Orchardcore | 1 Orchardcore | 2022-03-18 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0. | |||||
CVE-2022-0820 | 1 Orchardcore | 1 Orchardcore | 2022-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0. | |||||
CVE-2022-22511 | 1 Wago | 49 750-8100, 750-8100 Firmware, 750-8101 and 46 more | 2022-03-18 | 3.5 LOW | 5.4 MEDIUM |
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised. | |||||
CVE-2021-27416 | 1 Abb | 1 Ellipse Enterprise Asset Management | 2022-03-18 | 5.8 MEDIUM | 5.4 MEDIUM |
An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session. | |||||
CVE-2021-32009 | 1 Secomea | 1 Gatemanager | 2022-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) vulnerability in firmware section of Secomea GateManager allows logged in user to inject javascript in browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. | |||||
CVE-2022-24746 | 1 Shopware | 1 Shopware | 2022-03-17 | 4.3 MEDIUM | 6.1 MEDIUM |
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions it is possible to inject code via the voucher code form. This issue has been patched in version 6.4.8.1. There are no known workarounds for this issue. | |||||
CVE-2022-24608 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 4.3 MEDIUM | 6.1 MEDIUM |
Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php. | |||||
CVE-2014-9649 | 1 Vmware | 1 Rabbitmq | 2022-03-17 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message. | |||||
CVE-2022-24432 | 1 Ipcomm | 2 Ipdio, Ipdio Firmware | 2022-03-16 | 3.5 LOW | 5.4 MEDIUM |
Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. The XSS payload will be executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services). | |||||
CVE-2022-24397 | 1 Sap | 1 Netweaver Enterprise Portal | 2022-03-16 | 4.3 MEDIUM | 6.1 MEDIUM |
SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser. | |||||
CVE-2022-24395 | 1 Sap | 1 Netweaver Enterprise Portal | 2022-03-16 | 4.3 MEDIUM | 6.1 MEDIUM |
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. |