Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25061 | 1 Wpbookingsystem | 1 Wp Booking System | 2022-01-24 | 3.5 LOW | 5.4 MEDIUM |
| The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected xss in wp-booking-system on the wpbs-calendars admin page. | |||||
| CVE-2021-25046 | 1 Webnus | 1 Modern Events Calendar Lite | 2022-01-24 | 3.5 LOW | 5.4 MEDIUM |
| The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed any logged-in user, even a subscriber user, may add a category whose parameters are incorrectly escaped in the admin panel, leading to stored XSS. | |||||
| CVE-2021-3862 | 1 Icecoder | 1 Icecoder | 2022-01-24 | 3.5 LOW | 4.8 MEDIUM |
| icecoder is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-25065 | 1 Smashballoon | 1 Smash Balloon Social Post Feed | 2022-01-24 | 3.5 LOW | 5.4 MEDIUM |
| The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page. | |||||
| CVE-2021-25067 | 1 Pluginops | 1 Landing Page | 2022-01-24 | 3.5 LOW | 5.4 MEDIUM |
| The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page. | |||||
| CVE-2021-46005 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2022-01-24 | 3.5 LOW | 5.4 MEDIUM |
| Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via vehicalorcview parameter. | |||||
| CVE-2021-33040 | 1 Futurepress | 1 Epub.js | 2022-01-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows XSS. | |||||
| CVE-2021-4170 | 1 Calibre-web Project | 1 Calibre-web | 2022-01-21 | 3.5 LOW | 5.4 MEDIUM |
| calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-40813 | 1 Element-it | 1 Http Commander | 2022-01-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the "Zip content" feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames. | |||||
| CVE-2020-8436 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter. | |||||
| CVE-2020-28919 | 1 Tribe29 | 1 Checkmk | 2022-01-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title. | |||||
| CVE-2022-22529 | 1 Sap | 1 Enterprise Threat Detection | 2022-01-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability. The UIs in ETD are using SAP UI5 standard controls, the UI5 framework provides automated output encoding for its standard controls. This output encoding prevents stored malicious user input from being executed when it is reflected in the UI. | |||||
| CVE-2021-36920 | 1 Wpchill | 1 Download Monitor | 2022-01-21 | 3.5 LOW | 5.4 MEDIUM |
| Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6). | |||||
| CVE-2021-38127 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2022-01-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). | |||||
| CVE-2021-38126 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2022-01-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). | |||||
| CVE-2021-45086 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2022-01-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js. | |||||
| CVE-2020-13169 | 1 Solarwinds | 1 Orion Platform | 2022-01-21 | 3.5 LOW | 9.0 CRITICAL |
| Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account). | |||||
| CVE-2022-22114 | 1 Sismics | 1 Teedy | 2022-01-21 | 4.3 MEDIUM | 9.6 CRITICAL |
| In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS). The “search term" search functionality is not sufficiently sanitized while displaying the results of the search, which can be leveraged to inject arbitrary scripts. These scripts are executed in a victim’s browser when they enter the crafted URL. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full Account Takeover of the administrator, by an unauthenticated attacker. | |||||
| CVE-2022-22115 | 1 Sismics | 1 Teedy | 2022-01-21 | 3.5 LOW | 9.0 CRITICAL |
| In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the name of a created Tag. Since the Tag name is not being sanitized properly in the edit tag page, a low privileged attacker can store malicious scripts in the name of the Tag. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full Account Takeover of the administrator, and privileges escalation. | |||||
| CVE-2021-42551 | 1 Alcoda | 1 Netbiblio | 2022-01-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; versions later than 4.0.0.328. This issue does not affect: AlCoda NetBiblio WebOPAC version 4.0.0.335 and later versions. | |||||