Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40209 | 1 Xylusthemes | 1 Wp Smart Import | 2022-12-07 | N/A | 6.1 MEDIUM |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xylus Themes WP Smart Import plugin <= 1.0.2 on WordPress. | |||||
CVE-2019-4497 | 1 Ibm | 1 Jazz Reporting Service | 2022-12-07 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164118. | |||||
CVE-2019-4542 | 1 Ibm | 1 Security Directory Server | 2022-12-07 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 165815. | |||||
CVE-2019-4495 | 1 Ibm | 1 Jazz Reporting Service | 2022-12-07 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164116. | |||||
CVE-2022-45848 | 1 Contest-gallery | 1 Contest Gallery | 2022-12-07 | N/A | 6.1 MEDIUM |
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 13.1.0.9 on WordPress. | |||||
CVE-2016-3709 | 1 Xmlsoft | 1 Libxml2 | 2022-12-07 | N/A | 6.1 MEDIUM |
Possible cross-site scripting vulnerability in libxml after commit 960f0e2. | |||||
CVE-2022-46151 | 1 Pinterest | 1 Querybook | 2022-12-07 | N/A | 6.1 MEDIUM |
Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in `querybook/server/app/auth/oauth_auth.py` and `querybook/server/app/auth/okta_auth.py`. This may allow attackers to perform reflected cross site scripting (XSS) if Content Security Policy (CSP) is not enabled or `unsafe-inline` is allowed. Users are advised to upgrade to the latest, patched version of querybook (version 3.14.2 or greater). Users unable to upgrade may enable CSP and not allow unsafe-inline or manually escape query parameters in a reverse proxy. | |||||
CVE-2022-43556 | 1 Concretecms | 1 Concrete Cms | 2022-12-07 | N/A | 6.1 MEDIUM |
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N. Thanks @_akbar_jafarli_ for reporting. Remediate by updating to Concrete CMS 8.5.10 and Concrete CMS 9.1.3. | |||||
CVE-2022-40968 | 1 2kblater | 1 2kb Amazon Affiliates Store | 2022-12-06 | N/A | 6.1 MEDIUM |
Reflected Cross-Site Scripting (XSS) vulnerability in 2kb Amazon Affiliates Store plugin <=2.1.5 on WordPress. | |||||
CVE-2022-43706 | 1 Stackstorm | 1 Stackstorm | 2022-12-06 | N/A | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users. | |||||
CVE-2022-43097 | 1 User Registration & User Management System Project | 1 User Registration & User Management System | 2022-12-06 | N/A | 5.4 MEDIUM |
Phpgurukul User Registration & User Management System v3.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & login pages. | |||||
CVE-2021-34181 | 1 Tomexam | 1 Tomexam | 2022-12-06 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name parameter to list.thtml. | |||||
CVE-2022-45020 | 1 Rukovoditel | 1 Rukovoditel | 2022-12-06 | N/A | 8.8 HIGH |
Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
CVE-2022-45990 | 1 Ecommerce-website Project | 1 Ecommerce-website | 2022-12-06 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter. | |||||
CVE-2022-45769 | 1 Clicshopping | 1 Clicshopping V3 | 2022-12-06 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 allows attackers to execute arbitrary web scripts or HTML via a crafted URL parameter. | |||||
CVE-2022-3909 | 1 Add Comments Project | 1 Add Comments | 2022-12-06 | N/A | 4.8 MEDIUM |
The Add Comments WordPress plugin through 1.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-3892 | 1 Wp-oauth | 1 Wp Oauth Server | 2022-12-06 | N/A | 4.8 MEDIUM |
The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.2 does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-3838 | 1 Wpupper Share Buttons Project | 1 Wpupper Share Buttons | 2022-12-06 | N/A | 4.8 MEDIUM |
The WPUpper Share Buttons WordPress plugin through 3.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-3830 | 1 Themeum | 1 Wp Page Builder | 2022-12-06 | N/A | 4.8 MEDIUM |
The WP Page Builder WordPress plugin through 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-3426 | 1 Advanced Wp Columns Project | 1 Advanced Wp Columns | 2022-12-06 | N/A | 4.8 MEDIUM |
The Advanced WP Columns WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |