Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0752 | 1 Hestiacp | 1 Control Panel | 2022-03-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. | |||||
CVE-2022-0831 | 1 Pimcore | 1 Pimcore | 2022-03-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. | |||||
CVE-2022-0832 | 1 Pimcore | 1 Pimcore | 2022-03-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. | |||||
CVE-2020-18671 | 1 Roundcube | 1 Webmail | 2022-03-10 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php. | |||||
CVE-2020-18670 | 1 Roundcube | 1 Webmail | 2022-03-10 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Roundcube mail .4.4 via database host and user in /installer/test.php. | |||||
CVE-2021-26925 | 2 Fedoraproject, Roundcube | 2 Fedora, Webmail | 2022-03-10 | 3.5 LOW | 5.4 MEDIUM |
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. | |||||
CVE-2018-19206 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2022-03-10 | 4.3 MEDIUM | 6.1 MEDIUM |
steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment. | |||||
CVE-2022-0743 | 1 Getgrav | 1 Grav | 2022-03-10 | 3.5 LOW | 4.6 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31. | |||||
CVE-2022-25220 | 1 Petereport Project | 1 Petereport | 2022-03-09 | 3.5 LOW | 4.8 MEDIUM |
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding. | |||||
CVE-2022-25138 | 1 Axelor | 1 Open Suite | 2022-03-09 | 3.5 LOW | 5.4 MEDIUM |
Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter. | |||||
CVE-2022-23656 | 1 Zulip | 1 Zulip Server | 2022-03-09 | 3.5 LOW | 5.4 MEDIUM |
Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several participants; a victim who then opens an overflow tooltip including this full name on the recent topics page could trigger execution of JavaScript code controlled by the attacker. Users running a Zulip server from the main branch should upgrade from main (2022-03-01 or later) again to deploy this fix. | |||||
CVE-2022-22944 | 1 Vmware | 1 Workspace One Boxer | 2022-03-09 | 3.5 LOW | 5.4 MEDIUM |
VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user's window. | |||||
CVE-2021-40637 | 1 Os4ed | 1 Opensis | 2022-03-09 | 4.3 MEDIUM | 6.1 MEDIUM |
OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user's cookie and take over the user's working session. | |||||
CVE-2022-0753 | 1 Hestiacp | 1 Control Panel | 2022-03-09 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. | |||||
CVE-2022-24573 | 1 Element-it | 1 Http Commander | 2022-03-09 | 4.3 MEDIUM | 6.1 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field. | |||||
CVE-2022-24563 | 1 Metalgenix | 1 Genixcms | 2022-03-09 | 3.5 LOW | 5.4 MEDIUM |
In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options via the intro_title and intro_image parameters. | |||||
CVE-2022-24717 | 1 Finastra | 1 Ssr-pages | 2022-03-09 | 4.3 MEDIUM | 6.1 MEDIUM |
ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.5, a cross site scripting (XSS) issue can occur when providing untrusted input to the `redirect.link` property as an argument to the `build(MessagePageOptions)` function. While there is no known workaround at this time, there is a patch in version 0.1.5. | |||||
CVE-2021-46387 | 1 Zyxel | 2 Zywall 2 Plus Internet Security Appliance, Zywall 2 Plus Internet Security Appliance Firmware | 2022-03-09 | 4.3 MEDIUM | 6.1 MEDIUM |
ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling allows a security restriction to be bypassed to achieve Cross Site Scripting, which lets an attacker execute arbitrary JavaScript code to perform multiple attacks such as clipboard hijacking and session hijacking. | |||||
CVE-2022-25014 | 1 Icehrm | 1 Icehrm | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "m" parameter in the Dashboard of the current user. This vulnerability allows attackers to compromise session credentials via user interaction with a crafted link. | |||||
CVE-2022-25015 | 1 Icehrm | 1 Icehrm | 2022-03-08 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal cookies via a crafted payload inserted into the First Name field. |