Total: 21765 CVE
CVE | Vendor(s) | Product(s) | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-41541 | Siemens | Climatix Pol909, Climatix Pol909 Firmware | 2022-03-11 | 4.3 MEDIUM | 6.1 MEDIUM | A vulnerability has been identified in Climatix POL909 (AWB module) (all versions < V11.44) and Climatix POL909 (AWM module) (all versions < V11.36). The Group Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to inject malicious JavaScript code, which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious web page and performing unintended browser actions.
CVE-2021-24821 | Nicdark | Cost Calculator | 2022-03-11 | 3.5 LOW | 5.4 MEDIUM | The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform stored cross-site scripting attacks via the Description fields of Cost Calculator > Price Settings (which are injected on the edit page as well as on any page that embeds the calculator using the shortcode), and via the Text Preview field of a Project (injected on the edit project page).
CVE-2022-0877 | Bookstackapp | Bookstack | 2022-03-11 | 3.5 LOW | 5.4 MEDIUM | Stored cross-site scripting (XSS) in GitHub repository bookstackapp/bookstack prior to v22.02.3.
CVE-2021-24810 | Wp-eventmanager | Wp Event Manager | 2022-03-11 | 3.5 LOW | 4.8 MEDIUM | The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high-privilege users to perform cross-site scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-0535 | E2pdf | E2pdf | 2022-03-11 | 3.5 LOW | 4.8 MEDIUM | The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high-privilege users to perform cross-site scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-0533 | Metaphorcreations | Ditty | 2022-03-11 | 4.3 MEDIUM | 6.1 MEDIUM | The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a reflected cross-site scripting (XSS) vulnerability.
CVE-2022-0448 | Dwbooster | Cp Blocks | 2022-03-11 | 3.5 LOW | 4.8 MEDIUM | The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" setting, which could allow high-privilege users to perform cross-site scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2021-44749 | F-secure | Safe | 2022-03-11 | 4.3 MEDIUM | 9.6 CRITICAL | A vulnerability affecting F-Secure SAFE browser protection was discovered: improper URL handling can be triggered to cause universal cross-site scripting through browsing protection in a SAFE web browser. User interaction is required prior to exploitation. Successful exploitation may lead to arbitrary code execution.
CVE-2021-44748 | F-secure | Safe | 2022-03-11 | 4.3 MEDIUM | 6.1 MEDIUM | A vulnerability affecting the F-Secure SAFE browser was discovered whereby the browser loads images automatically; this can be exploited remotely by an attacker to execute JavaScript and trigger universal cross-site scripting through the browser. User interaction is required prior to exploitation, such as visiting a malicious website.
CVE-2022-0429 | Cerber | Wp Cerber Security, Anti-spam & Malware Scan | 2022-03-11 | 4.3 MEDIUM | 6.1 MEDIUM | The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab of the plugin's dashboard, leading to an unauthenticated stored cross-site scripting vulnerability.
CVE-2022-0426 | Adtribes | Product Feed Pro For Woocommerce | 2022-03-11 | 3.5 LOW | 5.4 MEDIUM | The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the woosea_categories_dropdown AJAX action (available to any authenticated user), leading to reflected cross-site scripting.
CVE-2022-0422 | Videousermanuals | White Label Cms | 2022-03-11 | 4.3 MEDIUM | 6.1 MEDIUM | The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a reflected cross-site scripting issue.
CVE-2021-46382 | Netgear | Wac120 Ac, Wac120 Ac Firmware | 2022-03-11 | 4.3 MEDIUM | 6.1 MEDIUM | Unauthenticated cross-site scripting (XSS) in the Netgear WAC120 AC access point may lead to multiple attacks such as session hijacking and even clipboard hijacking.
CVE-2020-18325 | Intelliants | Subrion Cms | 2022-03-11 | 4.3 MEDIUM | 6.1 MEDIUM | Multiple cross-site scripting (XSS) vulnerabilities exist in Intelliants Subrion CMS v4.2.1 in the Configuration panel.
CVE-2020-18324 | Intelliants | Subrion Cms | 2022-03-11 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.
CVE-2020-18327 | Alfresco | Alfresco | 2022-03-11 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability exists in Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2.
CVE-2022-25069 | Marktext | Marktext | 2022-03-10 | 6.8 MEDIUM | 9.6 CRITICAL | Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to achieve remote code execution (RCE) by injecting a crafted payload into /lib/contentState/pasteCtrl.js.
CVE-2022-24722 | Github | Viewcomponent | 2022-03-10 | 4.3 MEDIUM | 6.1 MEDIUM | ViewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an interpolation argument to the `translate` method is not properly sanitized before display. Versions 2.31.2 and 2.49.1 have been released and fully mitigate the vulnerability. As a workaround, avoid passing user input to the `translate` function, or sanitize the inputs before passing them.
CVE-2022-23051 | Petereport Project | Petereport | 2022-03-10 | 3.5 LOW | 5.4 MEDIUM | PeteReport version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svg_file' parameter.
CVE-2022-0838 | Hestiacp | Control Panel | 2022-03-10 | 4.3 MEDIUM | 6.1 MEDIUM | Reflected cross-site scripting (XSS) in GitHub repository hestiacp/hestiacp prior to 1.5.10.
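Several entries above share one root cause: a string is written into HTML without being encoded for the context it lands in. CVE-2022-0426 and CVE-2022-0429 put a request parameter or URL straight into an attribute value, and CVE-2022-24722 splices an untrusted interpolation argument into a trusted translation template. The following JavaScript is an added example written for this page; it is not code from any of the listed projects. The function names, the `%{name}` template syntax, the `rowCount` hidden field and the two payloads are this example's own assumptions. It shows the vulnerable and hardened shape of both patterns side by side, and, going slightly beyond the descriptions, includes a small quote-aware start-tag parser so that the check for a successful injection does not itself produce false positives on the encoded output.

```javascript
// Added example, not code from any project in the table above. It models the
// pattern shared by CVE-2022-0426 (rowCount echoed into an attribute),
// CVE-2022-0429 ($url used in an attribute) and CVE-2022-24722 (untrusted
// interpolation argument to translate). Function names, template syntax and
// payloads are assumptions made for this example.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Encodes the five characters that can end text or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable shape: a request parameter reflected into a quoted attribute as-is.
function renderHiddenFieldVulnerable(rowCount) {
  return `<input type="hidden" name="rowCount" value="${rowCount}">`;
}

// Hardened shape: the value is encoded, so a quote in it cannot close the attribute.
function renderHiddenFieldSafe(rowCount) {
  return `<input type="hidden" name="rowCount" value="${escapeHtml(rowCount)}">`;
}

// Translation templates are trusted and may carry markup; interpolation
// arguments are not. Vulnerable shape: arguments spliced in unencoded.
function translateVulnerable(template, args) {
  return template.replace(/%\{(\w+)\}/g, (_, key) => String(args[key]));
}

// Hardened shape: every argument is encoded; the template's own markup is kept.
function translateSafe(template, args) {
  return template.replace(/%\{(\w+)\}/g, (_, key) => escapeHtml(args[key]));
}

// Minimal start-tag parser that honours quoted attribute values. A regex such
// as /\son\w+=/ would flag the encoded output too, because the text
// "onfocus=" is still present inside the quoted value; only a parser that
// tracks quoting can tell a real attribute from harmless text.
function parseStartTags(html) {
  const tags = [];
  let i = 0;
  while (i < html.length) {
    if (html[i] !== '<') { i += 1; continue; }
    const nameMatch = /^[a-zA-Z][\w-]*/.exec(html.slice(i + 1));
    if (!nameMatch) { i += 1; continue; }          // end tag, comment or stray '<'
    const tag = { name: nameMatch[0].toLowerCase(), attrs: {} };
    let j = i + 1 + nameMatch[0].length;
    while (j < html.length && html[j] !== '>') {
      if (/[\s\/]/.test(html[j])) { j += 1; continue; }
      const attrName = /^[^\s=>\/]+/.exec(html.slice(j));
      if (!attrName) { j += 1; continue; }         // a stray '='
      j += attrName[0].length;
      let value = '';
      while (j < html.length && /\s/.test(html[j])) j += 1;
      if (html[j] === '=') {
        j += 1;
        while (j < html.length && /\s/.test(html[j])) j += 1;
        const quote = html[j];
        if (quote === '"' || quote === "'") {
          const end = html.indexOf(quote, j + 1);
          value = end === -1 ? html.slice(j + 1) : html.slice(j + 1, end);
          j = end === -1 ? html.length : end + 1;
        } else {
          const unquoted = /^[^\s>]*/.exec(html.slice(j));
          value = unquoted[0];
          j += unquoted[0].length;
        }
      }
      tag.attrs[attrName[0].toLowerCase()] = value;
    }
    tags.push(tag);
    i = j + 1;
  }
  return tags;
}

// True when the rendered markup contains a <script> element or any on* handler
// attribute, i.e. the untrusted input became code rather than data.
function hasInjectedScript(html) {
  return parseStartTags(html).some(
    (tag) => tag.name === 'script' || Object.keys(tag.attrs).some((a) => a.startsWith('on')),
  );
}

// Constructed payloads: one breaks out of a quoted attribute, one injects an element.
const ATTRIBUTE_BREAKOUT = '" autofocus onfocus="alert(document.cookie)';
const ELEMENT_INJECTION = '<img src=x onerror=alert(1)>';
const GREETING_TEMPLATE = 'Welcome back, <b>%{name}</b>!';

// Runs both payloads through the vulnerable and hardened renderers.
function demo() {
  return {
    attrVulnerable: hasInjectedScript(renderHiddenFieldVulnerable(ATTRIBUTE_BREAKOUT)),
    attrSafe: hasInjectedScript(renderHiddenFieldSafe(ATTRIBUTE_BREAKOUT)),
    i18nVulnerable: hasInjectedScript(translateVulnerable(GREETING_TEMPLATE, { name: ELEMENT_INJECTION })),
    i18nSafe: hasInjectedScript(translateSafe(GREETING_TEMPLATE, { name: ELEMENT_INJECTION })),
  };
}
```

`demo()` returns `true` for both vulnerable renderers and `false` for both hardened ones. The attribute payload contains no `<` at all, which is why a body-only filter that strips tags still leaves the attribute case exploitable; the fix is to encode for the context the value is written into (in the WordPress cases in the table, the equivalents are `esc_attr()` for attributes and `esc_html()` for text), and to keep the trusted/untrusted split between template and arguments rather than marking the whole interpolated result as safe.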