Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-46073 | 1 Helmet Store Showroom Project | 1 Helmet Store Showroom | 2023-01-30 | N/A | 6.1 MEDIUM | Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting (XSS).
CVE-2022-4876 | 1 Kaltura | 1 Mwembed | 2023-01-30 | N/A | 6.1 MEDIUM | A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classified as problematic. This issue affects some unknown processing of the file includes/DefaultSettings.php. The manipulation of the argument HTTP_X_FORWARDED_HOST leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.96.rc2 is able to address this issue. The name of the patch is 13b8812ebc8c9fa034eed91ab35ba8423a528c0b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217427.
CVE-2022-38489 | 1 Easyvista | 1 Service Manager | 2023-01-30 | N/A | 5.4 MEDIUM | An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. It is prone to stored Cross-site Scripting (XSS). Version 2022.1.110.1.02 fixes the vulnerability.
CVE-2018-3741 | 1 Rubyonrails | 1 Html Sanitizer | 2023-01-30 | 4.3 MEDIUM | 6.1 MEDIUM | There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately.
CVE-2018-3726 | 1 Crud-file-server Project | 1 Crud-file-server | 2023-01-30 | 4.3 MEDIUM | 6.1 MEDIUM | crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names.
CVE-2018-3735 | 1 Bracket-template Project | 1 Bracket-template | 2023-01-30 | 4.3 MEDIUM | 6.1 MEDIUM | bracket-template suffers from reflected XSS, possible when a variable passed via a GET parameter is used in a template.
CVE-2018-20472 | 1 Sahipro | 1 Sahi Pro | 2023-01-30 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The logs web interface is vulnerable to stored XSS.
CVE-2018-3716 | 1 Simplehttpserver Project | 1 Simplehttpserver | 2023-01-30 | 3.5 LOW | 5.4 MEDIUM | simplehttpserver node module suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names.
CVE-2018-3771 | 1 Statics-server Project | 1 Statics-server | 2023-01-30 | 4.3 MEDIUM | 6.1 MEDIUM | An XSS in statics-server <= 0.0.9 can be exploited via an injected iframe in a file name when statics-server displays the directory index in the browser.
CVE-2018-3773 | 1 Metascraper Project | 1 Metascraper | 2023-01-30 | 4.3 MEDIUM | 6.1 MEDIUM | There is a stored Cross-Site Scripting vulnerability in Open Graph meta properties read by the `metascrape` npm module <= 3.9.2.
CVE-2019-12766 | 1 Joomla | 1 Joomla! | 2023-01-30 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors.
CVE-2022-4307 | 1 Wp-master | 1 Pardakht-delkhah | 2023-01-30 | N/A | 6.1 MEDIUM | The Pardakht-delkhah WordPress plugin before 2.9.3 does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high-privilege user such as an admin visits a page from the plugin.
CVE-2023-24070 | 1 Misp-project | 1 Malware Information Sharing Platform | 2023-01-30 | N/A | 6.1 MEDIUM | app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.
CVE-2022-4235 | 1 Rushstreetinteractive | 1 Rushbet | 2023-01-30 | N/A | 5.4 MEDIUM | RushBet version 2022.23.1-b490616d allows a remote attacker to steal customer accounts via use of a malicious application. This is possible because the application exposes an activity and does not properly validate the data it receives.
CVE-2023-23012 | 1 Classroombookings | 1 Classroombookings | 2023-01-27 | N/A | 6.1 MEDIUM | Cross Site Scripting (XSS) vulnerability in craigrodway classroombookings 2.6.4 allows attackers to execute arbitrary code or cause other unspecified impacts via the bgcol input in file Weeks.php.
CVE-2023-23010 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2023-01-27 | N/A | 6.1 MEDIUM | Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap through commit d5904379ca55014c5df34c67deda982c73dc7fe5 (on Dec 27, 2022) allows attackers to execute arbitrary code via the languages and trans_load parameters in file add_product.php.
CVE-2023-23014 | 1 Inventory System Project | 1 Inventory System | 2023-01-27 | N/A | 6.1 MEDIUM | Cross Site Scripting (XSS) vulnerability in InventorySystem through commit e08fbbe17902146313501ed0b5feba81d58f455c (on Apr 23, 2021) via the edit_store_name and edit_active inputs in file InventorySystem.php.
CVE-2020-11083 | 1 Octobercms | 1 October | 2023-01-27 | 3.5 LOW | 4.8 MEDIUM | In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users of the RainLab.Blog plugin, this has also been fixed in 1.4.1.
CVE-2017-12097 | 1 Delayed Job Web Project | 1 Delayed Job Web | 2023-01-27 | 4.3 MEDIUM | 6.1 MEDIUM | An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability.
CVE-2020-14073 | 1 Paessler | 1 Prtg Network Monitor | 2023-01-27 | 3.5 LOW | 5.4 MEDIUM | XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access.
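Three of the entries above (CVE-2018-3726 crud-file-server, CVE-2018-3716 simplehttpserver, CVE-2018-3771 statics-server) share one pattern: a static file server writes directory entries into its HTML index without encoding, so anyone who can create a file whose name contains markup gets script execution in every browser that opens the listing. The Node.js block below is an added illustration of that pattern and its fix; it is not code from any of the listed projects. The file list, the `/uploads` directory name and the `<iframe>` payload are constructed, and the vulnerable renderer is deliberately naive so the two outputs can be compared side by side.

```javascript
// Added illustration of the file-name XSS pattern in directory listings; this is
// not code from crud-file-server, simplehttpserver or statics-server, and the
// sample entries below are constructed.
"use strict";

// Constructed listing: a benign file plus one whose name is an HTML payload.
// Such names are legal on Linux filesystems (only "/" and NUL are forbidden),
// and an attacker who can upload or create files controls them.
const SAMPLE_ENTRIES = [
  "README.md",
  "<iframe src=x onload=alert(document.domain)>.txt",
];

// Vulnerable rendering: the raw name lands in an attribute value and in
// element text, so "<" and '"' in a file name change the page structure.
function renderIndexVulnerable(dir, entries) {
  const rows = entries
    .map((name) => `<li><a href="${name}">${name}</a></li>`)
    .join("\n");
  return `<h1>Index of ${dir}</h1>\n<ul>\n${rows}\n</ul>`;
}

// Entity-encode the five characters that can change meaning in HTML text and
// in double- or single-quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened rendering: the href is percent-encoded first (so the name cannot
// smuggle a scheme or extra path segments), then href and link text are each
// entity-encoded for the HTML context they are written into.
function renderIndexHardened(dir, entries) {
  const rows = entries
    .map((name) => {
      const href = encodeURIComponent(name);
      return `<li><a href="${escapeHtml(href)}">${escapeHtml(name)}</a></li>`;
    })
    .join("\n");
  return `<h1>Index of ${escapeHtml(dir)}</h1>\n<ul>\n${rows}\n</ul>`;
}

// Quick check to run against either renderer's output: did a raw tag from an
// entry survive into the page as markup rather than as text?
function containsRawTag(html, tagName = "iframe") {
  return new RegExp(`<${tagName}\\b`, "i").test(html);
}

// Walk-through on the constructed listing.
const vulnerableHtml = renderIndexVulnerable("/uploads", SAMPLE_ENTRIES);
const hardenedHtml = renderIndexHardened("/uploads", SAMPLE_ENTRIES);
console.log("vulnerable page carries a live <iframe>:", containsRawTag(vulnerableHtml)); // true
console.log("hardened page carries a live <iframe>:", containsRawTag(hardenedHtml));    // false
console.log(hardenedHtml);
```

The hardened renderer still lists the hostile file; it just shows the name as text (`&lt;iframe ...&gt;.txt`) and links to it through a percent-encoded path. Encoding is context-specific: the same name needs `encodeURIComponent` inside the URL, entity encoding inside the attribute and element text, and would need yet another treatment inside a `<script>` block, which is why a single "sanitise on input" pass does not fix this class of bug. Serving the index with an explicit `Content-Type: text/html; charset=utf-8` and a restrictive Content-Security-Policy limits the blast radius if an encoding step is ever missed.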