Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18345 | 2 Davical, Debian | 2 Davical, Debian Linux | 2023-02-01 | 4.3 MEDIUM | 9.3 CRITICAL |
| A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administrator, the attacker can for example add a new admin user to gain full access to the application. | |||||
| CVE-2019-1332 | 1 Microsoft | 3 Power Bi Report Server, Sql Server 2017 Reporting Services, Sql Server 2019 Reporting Services | 2023-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'. | |||||
| CVE-2022-3572 | 1 Gitlab | 1 Gitlab | 2023-02-01 | N/A | 6.1 MEDIUM |
| A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed attackers to perform arbitrary actions on behalf of victims. | |||||
| CVE-2022-38758 | 1 Netiq | 1 Imanager | 2023-02-01 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL. | |||||
| CVE-2020-22327 | 1 Hfish Project | 1 Hfish | 2023-02-01 | N/A | 6.1 MEDIUM |
| An issue was discovered in HFish 0.5.1. When a payload is inserted where the name is entered, XSS code is triggered when the administrator views the information. | |||||
| CVE-2019-10957 | 1 Geutebrueck | 22 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 19 more | 2023-02-01 | 3.5 LOW | 4.8 MEDIUM |
| Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user’s browser. | |||||
| CVE-2023-0448 | 1 Matbao | 1 Wp Helper Premium | 2023-02-01 | N/A | 6.1 MEDIUM |
| The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability. | |||||
| CVE-2022-46957 | 1 Online Graduate Tracer System Project | 1 Online Graduate Tracer System | 2023-02-01 | N/A | 6.1 MEDIUM |
| Sourcecodester.com Online Graduate Tracer System V 1.0.0 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2022-46128 | 1 Doctor Appointment Management System Project | 1 Doctor Appointment Management System | 2023-02-01 | N/A | 6.1 MEDIUM |
| phpgurukul Doctor Appointment Management System V 1.0.0 is vulnerable to Cross Site Scripting (XSS) via searchdata=. | |||||
| CVE-2022-25847 | 1 Serve-lite Project | 1 Serve-lite | 2023-02-01 | N/A | 6.1 MEDIUM |
| All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding. | |||||
| CVE-2022-0626 | 1 Kuroit | 1 Advanced Admin Search | 2023-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Advanced Admin Search WordPress plugin before 1.1.6 does not sanitize and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
| CVE-2022-46624 | 1 Online Graduate Tracer System Project | 1 Online Graduate Tracer System | 2023-02-01 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Online Graduate Tracer System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | |||||
| CVE-2022-45730 | 1 Doctor Appointment Management System Project | 1 Doctor Appointment Management System | 2023-02-01 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function. | |||||
| CVE-2022-46391 | 3 Awstats, Debian, Fedoraproject | 3 Awstats, Debian Linux, Fedora | 2023-02-01 | N/A | 6.1 MEDIUM |
| AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. | |||||
| CVE-2018-25073 | 1 Ts-ranksystem | 1 Tsn-ranksystem | 2023-02-01 | N/A | 6.1 MEDIUM |
| A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1.2.6 and classified as problematic. This vulnerability affects the function getlog of the file webinterface/bot.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.7 is able to address this issue. The name of the patch is b3a3cd8efe2cd3bd3c5b3b7abf2fe80dbee51b77. It is recommended to upgrade the affected component. VDB-218002 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-23687 | 1 Youtube Shortcode Project | 1 Youtube Shortcode | 2023-02-01 | N/A | 5.4 MEDIUM |
| Auth. Stored Cross-Site Scripting (XSS) vulnerability in Youtube shortcode <= 1.8.5 versions. | |||||
| CVE-2023-0446 | 1 My Youtube Channel Project | 1 My Youtube Channel | 2023-02-01 | N/A | 5.5 MEDIUM |
| The My YouTube Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 3.0.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2022-4790 | 1 Auto Publish For Google My Business Project | 1 Auto Publish For Google My Business | 2023-01-31 | N/A | 5.4 MEDIUM |
| The WP Google My Business Auto Publish WordPress plugin before 3.4 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | |||||
| CVE-2022-4789 | 1 Wpzoom | 1 Wpzoom Portfolio | 2023-01-31 | N/A | 5.4 MEDIUM |
| The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | |||||
| CVE-2022-4832 | 1 Agilelogix | 1 Store Locator | 2023-01-31 | N/A | 5.4 MEDIUM |
| The Store Locator WordPress plugin before 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||