Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-15855 | 1 Redhat | 1 Bodhi | 2023-01-23 | N/A | 6.1 MEDIUM |
Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1. | |||||
CVE-2020-16145 | 2 Fedoraproject, Roundcube | 2 Fedora, Webmail | 2023-01-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15. | |||||
CVE-2022-48091 | 1 Hotel Management System Project | 1 Hotel Management System | 2023-01-20 | N/A | 5.4 MEDIUM |
Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting (XSS) via process_update_profile.php. | |||||
CVE-2020-12778 | 1 Combodo | 1 Itop | 2023-01-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Combodo iTop does not validate input parameters; attackers can inject malicious commands and launch an XSS attack. | |||||
CVE-2019-20204 | 1 Postieplugin | 1 Postie | 2023-01-20 | 3.5 LOW | 5.4 MEDIUM |
The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element. | |||||
CVE-2019-20141 | 1 Laborator | 1 Neon | 2023-01-20 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter. | |||||
CVE-2023-0246 | 1 Espcms | 1 Espcms | 2023-01-20 | N/A | 5.4 MEDIUM |
A vulnerability, which was classified as problematic, was found in earclink ESPCMS P8.21120101. Affected is an unknown function of the component Content Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-218154 is the identifier assigned to this vulnerability. | |||||
CVE-2020-15562 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2023-01-20 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists. | |||||
CVE-2023-0258 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2023-01-20 | N/A | 6.1 MEDIUM |
A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Category List Handler. The manipulation of the argument Reason with the input "><script>prompt(1)</script> leads to cross site scripting. The attack may be launched remotely. VDB-218186 is the identifier assigned to this vulnerability. | |||||
CVE-2012-10005 | 1 Php-form-builder-class Project | 1 Php-form-builder-class | 2023-01-20 | N/A | 6.1 MEDIUM |
A vulnerability has been found in manikandan170890 php-form-builder-class and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PFBC/Element/Textarea.php of the component Textarea Handler. The manipulation of the argument value leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 74897993818d826595fd5857038e6703456a594a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218155. | |||||
CVE-2022-46503 | 1 Online Student Enrollment System Project | 1 Online Student Enrollment System | 2023-01-20 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in the component /admin/register.php of Online Student Enrollment System v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter. | |||||
CVE-2020-1771 | 1 Otrs | 1 Otrs | 2023-01-20 | 3.5 LOW | 5.4 MEDIUM |
An attacker is able to craft an article with a link to the customer address book with malicious content (JavaScript). When an agent opens the link, JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | |||||
CVE-2020-1106 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-01-20 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1101. | |||||
CVE-2022-47102 | 1 Student Study Center Management System Project | 1 Student Study Center Management System | 2023-01-20 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | |||||
CVE-2022-46369 | 1 Maxum | 1 Rumpus | 2023-01-20 | N/A | 5.4 MEDIUM |
Rumpus - FTP server version 9.0.7.1 has a persistent cross-site scripting (PXSS) vulnerability that may allow inserting scripts into unspecified input fields. | |||||
CVE-2022-39187 | 1 Maxum | 1 Rumpus | 2023-01-20 | N/A | 6.1 MEDIUM |
Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors. | |||||
CVE-2020-5306 | 1 Codologic | 1 Codoforum | 2023-01-20 | 3.5 LOW | 4.8 MEDIUM |
Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content. | |||||
CVE-2019-15587 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-01-20 | 3.5 LOW | 5.4 MEDIUM |
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. | |||||
CVE-2019-10067 | 1 Otrs | 1 Otrs | 2023-01-20 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS. | |||||
CVE-2022-42786 | 1 Wut | 34 At-modem-emulator, At-modem-emulator Firmware, Com-server 20ma and 31 more | 2023-01-20 | N/A | 5.4 MEDIUM |
Multiple W&T products of the ComServer series are prone to an XSS attack. An authenticated remote attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage. | |||||