Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-4760 | 1 Onlinestorekit | 1 Oneclick Chat To Order | 2023-01-31 | N/A | 5.4 MEDIUM |
The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4775 | 1 Ayecode | 1 Geodirectory | 2023-01-31 | N/A | 5.4 MEDIUM |
The GeoDirectory WordPress plugin before 2.2.22 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-40034 | 1 Javaweb Blog Project | 1 Javaweb Blog | 2023-01-31 | N/A | 5.4 MEDIUM |
Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter. | |||||
CVE-2020-16242 | 1 Ge | 4 S2020, S2020 Firmware, S2024 and 1 more | 2023-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts. | |||||
CVE-2019-5458 | 1 Http-file-server Project | 1 Http-file-server | 2023-01-31 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser. | |||||
CVE-2020-25739 | 3 Canonical, Debian, Gon Project | 3 Ubuntu Linux, Debian Linux, Gon | 2023-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson. | |||||
CVE-2019-7000 | 1 Avaya | 1 Aura Conferencing | 2023-01-31 | 5.8 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated. | |||||
CVE-2020-7108 | 1 Learndash | 1 Learndash | 2023-01-31 | 3.5 LOW | 5.4 MEDIUM |
The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field. | |||||
CVE-2019-18859 | 1 Digi | 2 Anywhereusb/14, Anywhereusb/14 Firmware | 2023-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. | |||||
CVE-2019-19547 | 2 Fedoraproject, Symantec | 2 Fedora, Endpoint Detection And Response | 2023-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. | |||||
CVE-2018-1000413 | 1 Jenkins | 1 Config File Provider | 2023-01-31 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins. | |||||
CVE-2022-45150 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2023-01-31 | N/A | 6.1 MEDIUM |
A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in the policy tool. An attacker can trick the victim into opening a specially crafted link that executes arbitrary HTML and script code in the user's browser in the context of the vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access to potentially sensitive information and to modify web pages. | |||||
CVE-2019-18426 | 1 Whatsapp | 2 Whatsapp, Whatsapp For Desktop | 2023-01-31 | 5.8 MEDIUM | 8.2 HIGH |
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message. | |||||
CVE-2022-45151 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2023-01-31 | N/A | 5.4 MEDIUM |
A stored XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. | |||||
CVE-2019-16222 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2023-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks. | |||||
CVE-2019-16221 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2023-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
WordPress before 5.2.3 allows reflected XSS in the dashboard. | |||||
CVE-2019-16217 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2023-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled. | |||||
CVE-2019-16218 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2023-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
WordPress before 5.2.3 allows XSS in stored comments. | |||||
CVE-2019-16219 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2023-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
WordPress before 5.2.3 allows XSS in shortcode previews. | |||||
CVE-2022-4706 | 1 Genesis Columns Advanced Project | 1 Genesis Columns Advanced | 2023-01-31 | N/A | 5.4 MEDIUM |
The Genesis Columns Advanced WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins. | |||||
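The gon entry above (CVE-2020-25739) describes the general mechanism behind many of these XSS records: data that is valid in its own format (here, JSON handed to MultiJson) is written into an HTML page without being escaped for that context, so a value containing `</script>` terminates the inline script and starts a new one. The following Ruby is an added example and is not gon's code or its json_dumper.rb fix; the function names `script_safe_json`, `inline_script` and `breaks_out_of_script?` and the sample payload are constructed for illustration. It shows plain `JSON.generate` output breaking out of a `<script>` block, and one escaping approach that keeps the JSON parseable while making the same break-out impossible.

```ruby
# Added illustration for the gon entry (CVE-2020-25739): JSON that is
# pasted into an inline <script> must be escaped for HTML context, not
# just be valid JSON. This is not gon's code or its json_dumper.rb fix;
# the function names and the sample payload below are constructed.
require 'json'

# Characters that can end or confuse an inline <script> block, mapped to
# JSON \u escapes. JSON.parse decodes them back to the same characters.
SCRIPT_ESCAPES = {
  '<'      => '\u003c',
  '>'      => '\u003e',
  '&'      => '\u0026',
  "\u2028" => '\u2028', # JS line separator, a hazard inside string literals
  "\u2029" => '\u2029'  # JS paragraph separator
}.freeze

# Serialize obj as JSON, then rewrite the hazardous characters. Doing this on
# the serialized text is safe because JSON syntax itself never contains
# '<', '>', '&' or U+2028/2029; they can only occur inside string literals.
def script_safe_json(obj)
  JSON.generate(obj).gsub(/[<>&\u2028\u2029]/) { |c| SCRIPT_ESCAPES[c] }
end

# Render the JSON into an inline script the way a view helper would
# (the window.gon assignment mirrors what gon emits; the rest is ours).
def inline_script(json_text)
  "<script>window.gon = #{json_text};</script>"
end

# True when the rendered markup contains more than the one closing tag we
# wrote ourselves, i.e. the data broke out of the script element.
def breaks_out_of_script?(html)
  html.scan('</script>').length > 1
end

# Constructed attacker-controlled value, e.g. a user profile field.
PAYLOAD = { 'name' => '</script><script>alert(1)</script>' }.freeze

if __FILE__ == $PROGRAM_NAME
  unsafe = inline_script(JSON.generate(PAYLOAD))
  safe   = inline_script(script_safe_json(PAYLOAD))
  puts "plain JSON.generate breaks out: #{breaks_out_of_script?(unsafe)}"
  puts "script_safe_json breaks out:    #{breaks_out_of_script?(safe)}"
  puts safe
  puts "round-trips: #{JSON.parse(script_safe_json(PAYLOAD)) == PAYLOAD}"
end
```

The escaping is applied to the serialized text rather than to individual fields, which is what makes it independent of whatever the JSON backend does or ignores (the failure mode the gon entry describes). Recent versions of the json gem also offer a `script_safe` option to `JSON.generate` for the same purpose; either way, the escaping belongs in the layer that knows the output is going into HTML.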