Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2094 | 1 Yellowyard | 1 Yellow Yard Searchbar | 2023-02-18 | N/A | 6.1 MEDIUM |
The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting | |||||
CVE-2022-33934 | 1 Dell | 1 Emc Powerscale Onefs | 2023-02-17 | N/A | 4.8 MEDIUM |
Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges may potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected fields. | |||||
CVE-2022-21939 | 1 Johnsoncontrols | 1 Metasys System Configuration Tool | 2023-02-17 | N/A | 6.1 MEDIUM |
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie. | |||||
CVE-2023-24233 | 1 Inventory Management System Project | 1 Inventory Management System | 2023-02-17 | N/A | 4.8 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter. | |||||
CVE-2023-24234 | 1 Inventory Management System Project | 1 Inventory Management System | 2023-02-17 | N/A | 4.8 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter. | |||||
CVE-2023-24232 | 1 Inventory Management System Project | 1 Inventory Management System | 2023-02-17 | N/A | 4.8 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter. | |||||
CVE-2023-24231 | 1 Inventory Management System Project | 1 Inventory Management System | 2023-02-17 | N/A | 4.8 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/categories.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Categories Name parameter. | |||||
CVE-2023-24230 | 1 Formwork Project | 1 Formwork | 2023-02-17 | N/A | 4.8 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter. | |||||
CVE-2022-21940 | 1 Johnsoncontrols | 1 Metasys System Configuration Tool | 2023-02-17 | N/A | 6.1 MEDIUM |
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie. | |||||
CVE-2022-3484 | 1 Wpb Show Core Project | 1 Wpb Show Core | 2023-02-17 | N/A | 6.1 MEDIUM |
The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2023-21434 | 1 Samsung | 1 Galaxy Store | 2023-02-17 | N/A | 6.1 MEDIUM |
Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page. | |||||
CVE-2023-24322 | 1 Mojoportal | 1 Mojoportal | 2023-02-16 | N/A | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters. | |||||
CVE-2023-0743 | 1 Answer | 1 Answer | 2023-02-16 | N/A | 9.0 CRITICAL |
Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/answer prior to 1.0.4. | |||||
CVE-2023-24687 | 1 Mojoportal | 1 Mojoportal | 2023-02-16 | N/A | 5.4 MEDIUM |
Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter. | |||||
CVE-2023-24686 | 1 Churchcrm | 1 Churchcrm | 2023-02-16 | N/A | 4.8 MEDIUM |
An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file. | |||||
CVE-2023-24690 | 1 Churchcrm | 1 Churchcrm | 2023-02-16 | N/A | 5.4 MEDIUM |
ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family. | |||||
CVE-2023-0741 | 1 Answer | 1 Answer | 2023-02-16 | N/A | 9.0 CRITICAL |
Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer prior to 1.0.4. | |||||
CVE-2023-23286 | 1 Farsight | 1 Provide Server | 2023-02-16 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form. | |||||
CVE-2022-47418 | 1 Logicaldoc | 1 Logicaldoc | 2023-02-16 | N/A | 5.4 MEDIUM |
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document version comments. | |||||
CVE-2022-47417 | 1 Logicaldoc | 1 Logicaldoc | 2023-02-16 | N/A | 5.4 MEDIUM |
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document file name. |