Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-3080 | 1 Redhat | 1 Satellite | 2023-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes. | |||||
CVE-2016-3079 | 1 Redhat | 2 Satellite, Spacewalk-java | 2023-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM). | |||||
CVE-2016-2104 | 1 Redhat | 1 Satellite | 2023-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags. | |||||
CVE-2016-2103 | 1 Redhat | 1 Satellite | 2023-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/PhysicalList.do or (2) unspecified vectors involving systems/VirtualSystemsList.do. | |||||
CVE-2015-7518 | 1 Theforeman | 1 Foreman | 2023-02-12 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms. | |||||
CVE-2022-3205 | 1 Redhat | 1 Ansible Automation Platform | 2023-02-11 | N/A | 6.1 MEDIUM |
Cross-site scripting in the automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0, where the project name is susceptible to XSS injection. | |||||
CVE-2017-20176 | 1 Share On Diaspora Project | 1 Share On Diaspora | 2023-02-11 | N/A | 6.1 MEDIUM |
A vulnerability classified as problematic was found in ciubotaru share-on-diaspora 0.7.9. This vulnerability affects unknown code of the file new_window.php. The manipulation of the argument title/url leads to cross site scripting. The attack can be initiated remotely. The name of the patch is fb6fae2f8a9b146471450b5b0281046a17d1ac8d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-220204. | |||||
CVE-2015-10072 | 1 Nrel | 1 Api Umbrella Web | 2023-02-11 | N/A | 6.1 MEDIUM |
A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address this issue. The name of the patch is bcc0e922c61d30367678c8f17a435950969315cd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-220060. | |||||
CVE-2023-0676 | 1 Phpipam | 1 Phpipam | 2023-02-11 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1. | |||||
CVE-2023-0677 | 1 Phpipam | 1 Phpipam | 2023-02-11 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1. | |||||
CVE-2021-36823 | 1 Cusmin | 1 Absolutely Glamorous Custom Admin | 2023-02-11 | 3.5 LOW | 8.2 HIGH |
Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress Absolutely Glamorous Custom Admin plugin <= 6.8 versions. | |||||
CVE-2021-23150 | 1 Ampforwp | 1 Accelerated Mobile Pages | 2023-02-11 | 3.5 LOW | 4.8 MEDIUM |
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.31 versions. | |||||
CVE-2021-36826 | 1 Wedevs | 1 Wp Project Manager | 2023-02-11 | 3.5 LOW | 5.4 MEDIUM |
Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugin <= 2.4.13 versions. | |||||
CVE-2021-24581 | 1 Blue-admin Project | 1 Blue-admin | 2023-02-11 | 6.8 MEDIUM | 8.8 HIGH |
The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its "Logo Title" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack. | |||||
CVE-2022-4577 | 1 Goldplugins | 1 Easy Testimonials | 2023-02-10 | N/A | 5.4 MEDIUM |
The Easy Testimonials WordPress plugin before 3.9.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4459 | 1 Wp Show Posts Project | 1 Wp Show Posts | 2023-02-10 | N/A | 5.4 MEDIUM |
The WP Show Posts WordPress plugin before 1.1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4321 | 1 Wpswings | 1 Pdf Generator For Wordpress | 2023-02-10 | N/A | 6.1 MEDIUM |
The PDF Generator for WordPress plugin before 1.1.2 includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin. | |||||
CVE-2019-19453 | 1 Wowza | 1 Streaming Engine | 2023-02-10 | 3.5 LOW | 5.4 MEDIUM |
Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). An authenticated user with access to the proxy license editing is able to insert a malicious payload that will be triggered in the main page of server settings. This issue was resolved in Wowza Streaming Engine 4.8.5. | |||||
CVE-2020-11110 | 2 Grafana, Netapp | 2 Grafana, E-series Performance Analyzer | 2023-02-10 | 3.5 LOW | 5.4 MEDIUM |
Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot. | |||||
CVE-2021-37518 | 1 Vimium Project | 1 Vimium | 2023-02-10 | N/A | 6.1 MEDIUM |
Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extension 1.66 and earlier allows remote attackers to run arbitrary code via omnibar feature. |