Vulnerabilities (CVE)

Filtered by CWE-79
Total 21765 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-0410 1 Builder 1 Qwik 2023-01-26 N/A 6.1 MEDIUM
Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qwik prior to 0.1.0-beta5.
CVE-2022-46733 1 Sewio 1 Real-time Location System Studio 2023-01-26 N/A 9.6 CRITICAL
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site scripting in its backup services. An attacker could take advantage of this vulnerability to execute arbitrary commands.
CVE-2022-4892 1 Mycms Project 1 Mycms 2023-01-25 N/A 6.1 MEDIUM
A vulnerability was found in MyCMS. It has been classified as problematic. This affects the function build_view of the file lib/gener/view.php of the component Visitors Module. The manipulation of the argument original/converted leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is d64fcba4882a50e21cdbec3eb4a080cb694d26ee. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218895.
CVE-2022-46888 1 Nexusphp 1 Nexusphp 2023-01-25 N/A 6.1 MEDIUM
Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php.
CVE-2022-45558 2 Apple, Left Project 2 Macos, Left 2023-01-25 N/A 6.1 MEDIUM
Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via the meta tag.
CVE-2022-45557 2 Apple, Left Project 2 Macos, Left 2023-01-25 N/A 6.1 MEDIUM
Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via file names.
CVE-2022-45542 1 Eyoucms 1 Eyoucms 2023-01-25 N/A 5.4 MEDIUM
A reflected XSS was discovered in EyouCMS <= 1.6.0 in the FileManager component, in the GET parameter "filename", when editing any file.
CVE-2022-45540 1 Eyoucms 1 Eyoucms 2023-01-25 N/A 6.1 MEDIUM
A reflected XSS was discovered in EyouCMS <= 1.6.0 in the article type editor component, in the POST value "name", if the value contains a malformed UTF-8 char.
CVE-2022-46889 1 Nexusphp 1 Nexusphp 2023-01-25 N/A 5.4 MEDIUM
A persistent cross-site scripting (XSS) vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php.
CVE-2022-45541 1 Eyoucms 1 Eyoucms 2023-01-25 N/A 6.1 MEDIUM
A reflected XSS was discovered in EyouCMS <= 1.6.0 in the article attribute editor component, in the POST value "value", if the value contains a non-integer char.
CVE-2022-45539 1 Eyoucms 1 Eyoucms 2023-01-25 N/A 6.1 MEDIUM
A reflected XSS was discovered in EyouCMS <= 1.6.0 in the FileManager component, in the GET value "activepath", when creating a new file.
CVE-2022-45537 1 Eyoucms 1 Eyoucms 2023-01-25 N/A 6.1 MEDIUM
A reflected XSS was discovered in EyouCMS <= 1.6.0 in the article publish component, in the cookie "ENV_LIST_URL".
CVE-2022-45538 1 Eyoucms 1 Eyoucms 2023-01-25 N/A 6.1 MEDIUM
A reflected XSS was discovered in EyouCMS <= 1.6.0 in the article publish component, in the cookie "ENV_GOBACK_URL".
CVE-2022-45613 1 Book Store Management System Project 1 Book Store Management System 2023-01-25 N/A 5.4 MEDIUM
Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the publisher parameter.
CVE-2020-36654 1 Geni 1 Geni-portal 2023-01-25 N/A 6.1 MEDIUM
A vulnerability classified as problematic has been found in GENI Portal. This affects the function no_invocation_id_error of the file portal/www/portal/sliceresource.php. The manipulation of the argument invocation_id/invocation_user leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 39a96fb4b822bd3497442a96135de498d4a81337. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218475.
CVE-2023-0214 1 Trellix 1 Skyhigh Secure Web Gateway 2023-01-25 N/A 6.1 MEDIUM
A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be injected into the response when accessed through SWG.
CVE-2022-4295 1 Appjetty 1 Show All Comments 2023-01-25 N/A 6.1 MEDIUM
The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against logged-in high-privilege users such as admins.
CVE-2020-36653 1 Geni 1 Geni-portal 2023-01-25 N/A 6.1 MEDIUM
A vulnerability was found in GENI Portal. It has been rated as problematic. Affected by this issue is some unknown functionality of the file portal/www/portal/error-text.php. The manipulation of the argument error leads to cross site scripting. The attack may be launched remotely. The name of the patch is c2356cc41260551073bfaa3a94d1ab074f554938. It is recommended to apply a patch to fix this issue. VDB-218474 is the identifier assigned to this vulnerability.
CVE-2022-4484 1 Heateor 1 Super Socializer 2023-01-25 N/A 5.4 MEDIUM
The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.44 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CVE-2017-20167 1 Minichan 1 Minichan 2023-01-25 N/A 6.1 MEDIUM
A vulnerability, which was classified as problematic, was found in Minichan. This affects an unknown part of the file reports.php. The manipulation of the argument headline leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is fc0e732e58630cba318d6bf49d1388a7aa9d390e. It is recommended to apply a patch to fix this issue. The identifier VDB-217785 was assigned to this vulnerability.