Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43271 | 1 Inhabit | 1 Move Crm | 2022-12-29 | N/A | 5.4 MEDIUM |
| Inhabit Systems Pty Ltd Move CRM version 4, build 260 was discovered to contain a cross-site scripting (XSS) vulnerability via the User profile component. | |||||
| CVE-2022-4642 | 1 Tatoeba | 1 Tatoeba2 | 2022-12-29 | N/A | 5.4 MEDIUM |
| A vulnerability was found in tatoeba2. It has been classified as problematic. This affects an unknown part of the component Profile Name Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version prod_2022-10-30 is able to address this issue. The name of the patch is 91110777fc8ddf1b4a2cf4e66e67db69b9700361. It is recommended to upgrade the affected component. The identifier VDB-216501 was assigned to this vulnerability. | |||||
| CVE-2022-4637 | 1 Ep-3bookingsystem | 1 Ep-3 Bookingsystem | 2022-12-28 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in ep3-bs up to 1.7.x. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.8.0 is able to address this issue. The name of the patch is ef49e709c8adecc3a83cdc6164a67162991d2213. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216495. | |||||
| CVE-2022-4638 | 1 Collective.contact.widget Project | 1 Collective.contact.widget | 2022-12-28 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. This vulnerability affects the function title of the file src/collective/contact/widget/widgets.py. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 5da36305ca7ed433782be8901c47387406fcda12. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216496. | |||||
| CVE-2022-46095 | 1 Covid-19 Directory On Vaccination System Project | 1 Covid-19 Directory On Vaccination System | 2022-12-28 | N/A | 6.1 MEDIUM |
| Sourcecodester Covid-19 Directory on Vaccination System 1.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via verification.php because the program does not verify the txtvaccinationID parameter. | |||||
| CVE-2022-46096 | 1 Covid-19 Directory On Vaccination System Project | 1 Covid-19 Directory On Vaccination System | 2022-12-28 | N/A | 6.1 MEDIUM |
| A Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid-19 Directory on Vaccination System v1.0 allows attackers to execute arbitrary code via the txtfullname parameter or txtphone parameter to register.php without logging in. | |||||
| CVE-2022-41993 | 1 Jacic | 1 Electronic Bidding Core System | 2022-12-28 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | |||||
| CVE-2022-3877 | 1 Clickstudios | 1 Passwordstate | 2022-12-28 | N/A | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected is an unknown function of the component URL Field Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-216246 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-40841 | 1 Ndk-design | 1 Ndkadvancedcustomizationfields | 2022-12-28 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in NdkAdvancedCustomizationFields v3.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payloads injected into the "htmlNodes" parameter. | |||||
| CVE-2021-4266 | 1 Hitachi | 1 Community Plugin Framework | 2022-12-28 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in Webdetails cpf up to 9.5.0.0-80. Affected is an unknown function of the file core/src/main/java/pt/webdetails/cpf/packager/DependenciesPackage.java. The manipulation of the argument baseUrl leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 9.5.0.0-81 is able to address this issue. The name of the patch is 3bff900d228e8cae3af256b447c5d15bdb03c174. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216468. | |||||
| CVE-2020-36621 | 1 Whatismyudid Project | 1 Whatismyudid | 2022-12-28 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in chedabob whatismyudid. Affected by this issue is the function exports.enrollment of the file routes/mobileconfig.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is bb33d4325fba80e7ea68b79121dba025caf6f45f. It is recommended to apply a patch to fix this issue. VDB-216470 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-22456 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2022-12-28 | N/A | 6.1 MEDIUM |
| IBM Security Verify Governance, Identity Manager 10.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225004. | |||||
| CVE-2021-43657 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-12-27 | N/A | 5.4 MEDIUM |
| A Stored Cross-site scripting (XSS) vulnerability via MAster.php in Sourcecodetester Simple Client Management System (SCMS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields. | |||||
| CVE-2021-4270 | 1 Imprint Cms Project | 1 Imprint Cms | 2022-12-27 | N/A | 6.1 MEDIUM |
| A vulnerability was found in Imprint CMS. It has been classified as problematic. Affected is the function SearchForm of the file ImprintCMS/Models/ViewHelpers.cs. The manipulation of the argument query leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 6140b140ccd02b5e4e7d6ba013ac1225724487f4. It is recommended to apply a patch to fix this issue. VDB-216474 is the identifier assigned to this vulnerability. | |||||
| CVE-2021-4269 | 1 Simplerisk | 1 Simplerisk | 2022-12-27 | N/A | 6.1 MEDIUM |
| A vulnerability has been found in SimpleRisk and classified as problematic. This vulnerability affects the function checkAndSetValidation of the file simplerisk/js/common.js. The manipulation of the argument title leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 20220306-001 is able to address this issue. The name of the patch is 591405b4ed160fbefc1dca1e55c5745079a7bb48. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216472. | |||||
| CVE-2021-4267 | 1 Tad Discuss Project | 1 Tad Discuss | 2022-12-27 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in tad_discuss. Affected by this vulnerability is an unknown functionality. The manipulation of the argument DiscussTitle leads to cross site scripting. The attack can be launched remotely. The name of the patch is af94d034ff8db642d05fd8788179eab05f433958. It is recommended to apply a patch to fix this issue. The identifier VDB-216469 was assigned to this vulnerability. | |||||
| CVE-2021-4265 | 1 Siwapp | 1 Siwapp-ror | 2022-12-27 | N/A | 6.1 MEDIUM |
| A vulnerability was found in siwapp-ror. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 924d16008cfcc09356c87db01848e45290cb58ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216467. | |||||
| CVE-2022-25929 | 1 Smoothiecharts | 1 Smoothie Charts | 2022-12-27 | N/A | 5.4 MEDIUM |
| The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties. | |||||
| CVE-2022-46771 | 1 Ibm | 1 Urbancode Deploy | 2022-12-27 | N/A | 4.6 MEDIUM |
| IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 242273. | |||||
| CVE-2022-4619 | 1 Codelights-shortcodes-and-widgets Project | 1 Codelights-shortcodes-and-widgets | 2022-12-27 | N/A | 4.8 MEDIUM |
| The Sidebar Widgets by CodeLights plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Extra CSS class’ parameter in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||