Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-12190 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 3.5 LOW | 5.4 MEDIUM |
XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter. | |||||
CVE-2019-16295 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 1.9 LOW | 4.6 MEDIUM |
Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local attacker who supplies a crafted filename within a directory visited by the victim. | |||||
CVE-2019-7646 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 3.5 LOW | 4.8 MEDIUM |
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter. | |||||
CVE-2022-4648 | 1 Shapedplugin | 1 Real Testimonials | 2023-01-24 | N/A | 5.4 MEDIUM |
The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4653 | 1 Greenshiftwp | 1 Greenshift - Animation And Page Builder Blocks | 2023-01-24 | N/A | 5.4 MEDIUM |
The Greenshift WordPress plugin before 4.8.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4199 | 1 Link Library Project | 1 Link Library | 2023-01-24 | N/A | 4.8 MEDIUM |
The Link Library WordPress plugin before 7.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2015-10049 | 1 Course-builder Project | 1 Course-builder | 2023-01-24 | N/A | 6.1 MEDIUM |
A vulnerability was found in Overdrive Eletrônica course-builder up to 1.7.x and classified as problematic. Affected by this issue is some unknown functionality of the file coursebuilder/modules/oeditor/oeditor.html. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.0 is able to address this issue. The name of the patch is e39645fd714adb7e549908780235911ae282b21b. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218372. | |||||
CVE-2022-3904 | 1 Monsterinsights | 1 Monsterinsights | 2023-01-24 | N/A | 6.1 MEDIUM |
The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to Google Analytics. | |||||
CVE-2022-2658 | 1 Wpspellcheck | 1 Wpspellcheck | 2023-01-24 | N/A | 4.8 MEDIUM |
The WP Spell Check WordPress plugin before 9.13 does not escape ignored words, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2023-0301 | 1 Opencollective | 1 Alf.io | 2023-01-24 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository alfio-event/alf.io prior to Alf.io 2.0-M4-2301. | |||||
CVE-2023-0300 | 1 Opencollective | 1 Alf.io | 2023-01-24 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301. | |||||
CVE-2023-0323 | 1 Pimcore | 1 Pimcore | 2023-01-24 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14. | |||||
CVE-2022-43718 | 1 Apache | 1 Superset | 2023-01-24 | N/A | 5.4 MEDIUM |
Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | |||||
CVE-2022-43717 | 1 Apache | 1 Superset | 2023-01-24 | N/A | 5.4 MEDIUM |
Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | |||||
CVE-2021-37412 | 1 It-economics | 1 Techradar | 2023-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
The TechRadar app 1.1 for Confluence Server allows XSS via the Title field of a Radar. | |||||
CVE-2022-27854 | 1 Psychological Tests & Quizzes Project | 1 Psychological Tests & Quizzes | 2023-01-24 | 3.5 LOW | 5.4 MEDIUM |
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher role via &wpt_test_page_submit_button_caption parameter. | |||||
CVE-2022-28716 | 1 F5 | 3 Big-ip Advanced Firewall Manager, Big-ip Carrier-grade Nat, Big-ip Policy Enforcement Manager | 2023-01-24 | 6.8 MEDIUM | 8.8 HIGH |
On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
CVE-2014-125078 | 1 Horizon Project | 1 Horizon | 2023-01-24 | N/A | 5.4 MEDIUM |
A vulnerability was found in yanheven console and classified as problematic. Affected by this issue is some unknown functionality of the file horizon/static/horizon/js/horizon.instances.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is 32a7b713468161282f2ea01d5e2faff980d924cd. It is recommended to apply a patch to fix this issue. VDB-218354 is the identifier assigned to this vulnerability. | |||||
CVE-2023-0314 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-01-24 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | |||||
CVE-2023-0313 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-01-24 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. |