Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-24227 | 1 Boltwire | 1 Boltwire | 2022-02-23 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in BoltWire v7.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters. | |||||
CVE-2022-0576 | 1 Librenms | 1 Librenms | 2022-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0. | |||||
CVE-2022-0575 | 1 Librenms | 1 Librenms | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0. | |||||
CVE-2021-25107 | 1 Accesspressthemes | 1 Form Store To Db | 2022-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting them back in the created entry, allowing an unauthenticated attacker to perform Cross-Site Scripting attacks against an admin | |||||
CVE-2021-24904 | 1 Lenderd | 1 Mortgage Calculators Wp | 2022-02-22 | 3.5 LOW | 4.8 MEDIUM |
The Mortgage Calculators WP WordPress plugin before 1.56 does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
CVE-2021-24874 | 1 Sendinblue | 1 Newsletter, Smtp, Email Marketing And Subscribe | 2022-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.31 does not escape the lang and pid parameter before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues | |||||
CVE-2022-0589 | 1 Librenms | 1 Librenms | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0. | |||||
CVE-2022-23638 | 1 Svg-sanitizer Project | 1 Svg-sanitizer | 2022-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available. | |||||
CVE-2022-23391 | 1 Pybbs Project | 1 Pybbs | 2022-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Search box. | |||||
CVE-2022-23637 | 1 K-link | 1 K-box | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting (XSS) vulnerability is present in the markdown editor used by the document abstract and markdown file preview. A specifically crafted anchor link can, if clicked, execute untrusted javascript actions, like retrieving user cookies. Version 0.33.1 includes a patch that allows discarding unsafe links. | |||||
CVE-2022-0208 | 1 Mappresspro | 1 Mappress | 2022-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting | |||||
CVE-2022-0193 | 1 Really-simple-plugins | 1 Complianz | 2022-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
The Complianz WordPress plugin before 6.0.0 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | |||||
CVE-2022-24587 | 1 Pluxml | 1 Pluxml | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML. | |||||
CVE-2022-24585 | 1 Pluxml | 1 Pluxml | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter. | |||||
CVE-2022-24590 | 1 Backdropcms | 1 Backdrop | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML. | |||||
CVE-2021-39079 | 1 Ibm | 1 Cognos Analytics Mobile | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
IBM Cognos Analytics Mobile for Android applications prior to version 1.1.14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215592. | |||||
CVE-2022-0206 | 1 Newstatpress Project | 1 Newstatpress | 2022-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues | |||||
CVE-2021-4035 | 1 Wocu-monitoring | 1 Wocu Monitoring | 2022-02-22 | 3.5 LOW | 4.8 MEDIUM |
A stored cross-site scripting vulnerability has been identified in the comments in the report creation due to an obsolete version of the tinymce editor. In order to exploit this vulnerability, the attacker needs an account with enough privileges to view and edit reports. | |||||
CVE-2022-23707 | 1 Elastic | 1 Kibana | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users | |||||
CVE-2022-0157 | 2 Fedoraproject, Phoronix-media | 2 Fedora, Phoronix Test Suite | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |