Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20659 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2022-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2022-25317 | 1 Cerebrate-project | 1 Cerebrate | 2022-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description. | |||||
| CVE-2022-24981 | 1 Jqueryform | 1 Jqueryform | 2022-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in forms generated by JQueryForm.com before 2022-02-05 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to admin.php. | |||||
| CVE-2022-25323 | 1 Zerof | 1 Web Server | 2022-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| ZEROF Web Server 2.0 allows /admin.back XSS. | |||||
| CVE-2014-8597 | 1 Php-fusion | 1 Phpfusion | 2022-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML via the status parameter in the CMS admin panel. | |||||
| CVE-2022-25321 | 1 Cerebrate-project | 1 Cerebrate | 2022-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component. | |||||
| CVE-2003-1420 | 1 Opera | 1 Opera Browser | 2022-02-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header. | |||||
| CVE-2021-37403 | 1 Open-xchange | 1 Open-xchange Appsuite | 2022-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used. | |||||
| CVE-2021-46251 | 1 Scratchoauth2 Project | 1 Scratchoauth2 | 2022-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | |||||
| CVE-2022-0612 | 1 Livehelperchat | 1 Live Helper Chat | 2022-02-23 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. | |||||
| CVE-2022-25185 | 1 Jenkins | 1 Generic Webhook Trigger | 2022-02-23 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-24589 | 1 Burden Project | 1 Burden | 2022-02-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Burden v3.0 was discovered to contain a stored cross-site scripting (XSS) in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the task parameter. | |||||
| CVE-2022-25191 | 1 Jenkins | 1 Agent Server Parameter | 2022-02-23 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent server parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-25203 | 1 Jenkins | 1 Team Views | 2022-02-23 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Read permission. | |||||
| CVE-2022-25202 | 1 Jenkins | 1 Promoted Builds \(simple\) | 2022-02-23 | 3.5 LOW | 4.8 MEDIUM |
| Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name of custom promotion levels, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | |||||
| CVE-2022-25189 | 1 Jenkins | 1 Custom Checkbox Parameter | 2022-02-23 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not escape parameter names of custom checkbox parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-23367 | 1 Fulusso Project | 1 Fulusso | 2022-02-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Fulusso v1.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in /BindAccount/SuccessTips.js. This vulnerability allows attackers to inject malicious code into a victim user's device via open redirection. | |||||
| CVE-2021-46558 | 1 Issabel | 1 Pbx | 2022-02-23 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields. | |||||
| CVE-2020-13668 | 1 Drupal | 1 Drupal | 2022-02-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. | |||||
| CVE-2022-24586 | 1 Pluxml | 1 Pluxml | 2022-02-23 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters. | |||||