Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4336 | 1 Bt | 1 Baota | 2022-12-12 | N/A | 5.4 MEDIUM |
| In BAOTA linux panel there exists a stored xss vulnerability attackers can use to obtain sensitive information via the log analysis feature. | |||||
| CVE-2022-41299 | 1 Ibm | 1 Cloud Transformation Advisor | 2022-12-12 | N/A | 5.4 MEDIUM |
| IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 237214. | |||||
| CVE-2022-4353 | 1 Pb-cms Project | 1 Pb-cms | 2022-12-12 | N/A | 9.0 CRITICAL |
| A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this vulnerability is the function IpUtil.getIpAddr. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215113 was assigned to this vulnerability. | |||||
| CVE-2022-38754 | 1 Microfocus | 2 Operations Bridge, Operations Bridge Manager | 2022-12-12 | N/A | 5.4 MEDIUM |
| A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited by a malicious authenticated OBM user to run Java Scripts in the browser context of another OBM user. This issue affects: Micro Focus Micro Focus Operations Bridge Manager versions prior to 2022.11. Micro Focus Micro Focus Operations Bridge- Containerized versions prior to 2022.11. | |||||
| CVE-2022-23475 | 1 Daloradius | 1 Daloradius | 2022-12-12 | N/A | 8.8 HIGH |
| daloRADIUS is an open source RADIUS web management application. daloRadius 1.3 and prior are vulnerable to a combination cross site scripting (XSS) and cross site request forgery (CSRF) vulnerability which leads to account takeover in the mng-del.php file because of an unescaped variable reflected in the DOM on line 116. This issue has been addressed in commit `ec3b4a419e`. Users are advised to manually apply the commit in order to mitigate this issue. Users may also mitigate this issue with in two parts 1) The CSRF vulnerability can be mitigated by making the daloRadius session cookie to samesite=Lax or by the implimentation of a CSRF token in all forms. 2) The XSS vulnerability may be mitigated by escaping it or by introducing a Content-Security policy. | |||||
| CVE-2022-45122 | 1 Sixapart | 1 Movable Type | 2022-12-12 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | |||||
| CVE-2022-43668 | 1 Typora | 1 Typora | 2022-12-12 | N/A | 6.1 MEDIUM |
| Typora versions prior to 1.4.4 fails to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product. | |||||
| CVE-2022-4341 | 1 Coder-chain Gdut Project | 1 Coder-chain Gdut | 2022-12-12 | N/A | 6.1 MEDIUM |
| A vulnerability has been found in csliuwy coder-chain_gdut and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /back/index.php/user/User/?1. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215095. | |||||
| CVE-2022-42486 | 1 Basercms | 1 Basercms | 2022-12-12 | N/A | 4.8 MEDIUM |
| Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | |||||
| CVE-2022-41994 | 1 Basercms | 1 Basercms | 2022-12-12 | N/A | 4.8 MEDIUM |
| Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | |||||
| CVE-2022-4347 | 1 Beetl-bbs Project | 1 Beetl-bbs | 2022-12-09 | N/A | 5.4 MEDIUM |
| A vulnerability was found in xiandafu beetl-bbs. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file WebUtils.java. The manipulation of the argument user leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215107. | |||||
| CVE-2022-4348 | 1 Ruoyi | 1 Ruoyi-cloud | 2022-12-09 | N/A | 6.1 MEDIUM |
| A vulnerability was found in y_project RuoYi-Cloud. It has been rated as problematic. Affected by this issue is some unknown functionality of the component JSON Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215108. | |||||
| CVE-2022-4350 | 1 Mingsoft | 1 Mcms | 2022-12-09 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215112. | |||||
| CVE-2020-36609 | 1 Duxcms Project | 1 Duxcms | 2022-12-09 | N/A | 5.4 MEDIUM |
| A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215115. | |||||
| CVE-2019-4149 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2022-12-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158415. | |||||
| CVE-2019-4074 | 1 Ibm | 1 Sterling B2b Integrator | 2022-12-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157108. | |||||
| CVE-2019-4073 | 1 Ibm | 1 Sterling B2b Integrator | 2022-12-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157107. | |||||
| CVE-2019-4186 | 1 Ibm | 1 Jazz For Service Management | 2022-12-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. By sending a specially crafted HTTP GET request, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-force ID: 158976. | |||||
| CVE-2019-4270 | 1 Ibm | 1 Websphere Application Server | 2022-12-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160203. | |||||
| CVE-2021-28957 | 5 Debian, Fedoraproject, Lxml and 2 more | 5 Debian Linux, Fedora, Lxml and 2 more | 2022-12-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3. | |||||