Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-25013 | 1 Icehrm | 1 Icehrm | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the "key" and "fm" parameters in the component login.php. | |||||
CVE-2022-25020 | 1 Pluxml | 1 Pluxml | 2022-03-08 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post. | |||||
CVE-2022-25022 | 1 Htmly | 1 Htmly | 2022-03-08 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content field of a blog post. | |||||
CVE-2022-0776 | 1 Revealjs | 1 Reveal.js | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0. | |||||
CVE-2022-25413 | 1 Max-3000 | 1 Maxsite Cms | 2022-03-08 | 3.5 LOW | 5.4 MEDIUM |
Maxsite CMS v108 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_tags at /admin/page_edit/3. | |||||
CVE-2022-25410 | 1 Max-3000 | 1 Maxsite Cms | 2022-03-08 | 3.5 LOW | 5.4 MEDIUM |
Maxsite CMS v180 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_file_description at /admin/files. | |||||
CVE-2022-25409 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-03-08 | 3.5 LOW | 5.4 MEDIUM |
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php. | |||||
CVE-2022-25408 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-03-08 | 3.5 LOW | 5.4 MEDIUM |
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php. | |||||
CVE-2022-25407 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-03-08 | 3.5 LOW | 5.4 MEDIUM |
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php. | |||||
CVE-2022-26332 | 1 Cipi | 1 Cipi | 2022-03-08 | 3.5 LOW | 5.4 MEDIUM |
Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field. | |||||
CVE-2022-25028 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
Home Owners Collection Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the collected_by parameter under the List of Collections module. | |||||
CVE-2022-23907 | 1 Cmsmadesimple | 1 Cms Made Simple | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage. | |||||
CVE-2022-26155 | 1 Cherwell | 1 Cherwell Service Management | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body. | |||||
CVE-2022-25642 | 1 Obyte | 1 Obyte | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution. | |||||
CVE-2022-25261 | 1 Jetbrains | 1 Teamcity | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. | |||||
CVE-2022-24572 | 1 Car Driving School Management System Project | 1 Car Driving School Management System | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
Car Driving School Management System v1.0 is affected by cross-site scripting (XSS) in the User Enrollment Form (Username field). Exploitation requires an admin to view the registered user details. | |||||
CVE-2022-23988 | 1 Westguardsolutions | 1 Ws Form | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing an unauthenticated attacker to submit XSS payloads which are executed when a privileged user views the related submission. | |||||
CVE-2022-0723 | 1 Microweber | 1 Microweber | 2022-03-08 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11. | |||||
CVE-2022-0763 | 1 Microweber | 1 Microweber | 2022-03-08 | 3.5 LOW | 4.8 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3. | |||||
CVE-2022-24709 | 1 Amazon | 1 Awsui/components-react | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for JavaScript injection. Users are advised to upgrade to version 3.0.367 or later. There are no known workarounds for this issue. |