Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-4143 | 1 Bigbluebutton | 1 Bigbluebutton | 2022-01-25 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutton/bigbluebutton prior to 2.4.0. | |||||
CVE-2022-21690 | 1 Onionshare | 1 Onionshare | 2022-01-24 | 3.5 LOW | 5.4 MEDIUM |
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions, the path parameter of the requested URL is not sanitized before being passed to the QT frontend. This path is used in all components for displaying the server access history. This leads to a rendered HTML4 Subset (QT RichText editor) in the Onionshare frontend. | |||||
CVE-2021-4074 | 1 I-plugins | 1 Whmcs Bridge | 2022-01-24 | 3.5 LOW | 5.4 MEDIUM |
The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the cc_whmcs_bridge_url parameter found in the ~/whmcs-bridge/bridge_cp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. Due to missing authorization checks on the cc_whmcs_bridge_add_admin function, low-level authenticated users such as subscribers can exploit this vulnerability. | |||||
CVE-2022-0181 | 1 Expresstech | 1 Quiz And Survey Master | 2022-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||||
CVE-2022-0182 | 1 Expresstech | 1 Quiz And Survey Master | 2022-01-24 | 3.5 LOW | 5.4 MEDIUM |
Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via a website that uses Quiz And Survey Master. | |||||
CVE-2022-0253 | 1 Livehelperchat | 1 Livehelperchat | 2022-01-24 | 3.5 LOW | 5.4 MEDIUM |
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
CVE-2022-0256 | 1 Pimcore | 1 Pimcore | 2022-01-24 | 3.5 LOW | 5.4 MEDIUM |
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
CVE-2021-3853 | 1 Chaskiq | 1 Chaskiq | 2022-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
CVE-2022-0257 | 1 Pimcore | 1 Pimcore | 2022-01-24 | 3.5 LOW | 5.4 MEDIUM |
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
CVE-2021-42357 | 1 Apache | 1 Knox | 2022-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be presented to the user outside the normal request flow through an XSS or phishing campaign. | |||||
CVE-2021-44217 | 1 Ericsson | 1 Codechecker | 2022-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API. | |||||
CVE-2022-0260 | 1 Pimcore | 1 Pimcore | 2022-01-24 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7. | |||||
CVE-2022-0262 | 1 Pimcore | 1 Pimcore | 2022-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7. | |||||
CVE-2022-0232 | 1 Metagauss | 1 Leadmagic | 2022-01-24 | 3.5 LOW | 4.8 MEDIUM |
The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loader_text parameter found in the ~/includes/templates/landing-page.php file which allows attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.2.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | |||||
CVE-2022-0233 | 1 Metagauss | 1 Profilegrid | 2022-01-24 | 3.5 LOW | 5.4 MEDIUM |
The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pm_user_avatar and pm_cover_image parameters found in the ~/admin/class-profile-magic-admin.php file which allows attackers with authenticated user access, such as subscribers, to inject arbitrary web scripts into their profile, in versions up to and including 1.2.7. | |||||
CVE-2021-24909 | 1 Acf Photo Gallery Field Project | 1 Acf Photo Gallery Field | 2022-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not sanitise and escape the post parameter in the includes/acf_photo_gallery_metabox_edit.php file before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue. | |||||
CVE-2015-6502 | 1 Puppet | 1 Puppet Enterprise | 2022-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the console in Puppet Enterprise before 2015.2.1 allows remote attackers to inject arbitrary web script or HTML via the string parameter, related to Login Redirect. | |||||
CVE-2021-3857 | 1 Chaskiq | 1 Chaskiq | 2022-01-24 | 3.5 LOW | 5.4 MEDIUM |
chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
CVE-2021-25024 | 1 Theeventscalendar | 1 Eventcalendar | 2022-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues. | |||||
CVE-2021-25005 | 1 Seur Oficial Project | 1 Seur Oficial | 2022-01-24 | 3.5 LOW | 4.8 MEDIUM |
The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |