Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4089 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnerability affects unknown code of the file /pages/processlogin.php. The manipulation of the argument user leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214324.
|
|||||
| CVE-2022-4069 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.
|
|||||
| CVE-2022-4068 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin's account.
|
|||||
| CVE-2022-4067 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
|
|||||
| CVE-2022-4053 | 1 Student Attendance Management System Project | 1 Student Attendance Management System | 2024-11-21 | N/A | 2.4 LOW |
|
A vulnerability was found in Student Attendance Management System. It has been classified as problematic. Affected is an unknown function of the file createClass.php. The manipulation of the argument className leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213846 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2022-4035 | 1 Dwbooster | 1 Appointment Hour Booking | 2024-11-21 | N/A | 7.2 HIGH |
|
The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This makes it possible for unauthenticated attackers to inject iFrames when submitting a booking that will execute whenever a user accesses the injected booking details page.
|
|||||
| CVE-2022-4032 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | N/A | 7.2 HIGH |
|
The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. This makes it possible for unauthenticated attackers to inject iFrames in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2022-4029 | 1 Simple-press | 1 Simple\ | 2024-11-21 | N/A | 4.7 MEDIUM |
|
The Simple:Press plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sforum_[md5 hash of the WordPress URL]' cookie value in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This would be highly complex to exploit as it would req ...
Show More |
|||||
| CVE-2022-4028 | 1 Simple-press | 1 Simple\ | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during the profile-save action when modifying a profile signature in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and embed tags possible. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to inject arbitrary web scripts in pages when modifying a pro ...
Show More |
|||||
| CVE-2022-4027 | 1 Simple-press | 1 Simple\ | 2024-11-21 | N/A | 7.2 HIGH |
|
The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during a forum response in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and embed tags possible. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages when responding to forum threads that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2022-4022 | 1 Benbodhi | 1 Svg Support | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SVG upload to only administrators. This allows authenticated attackers, with author-level privileges and higher, to upload malicious SVG files that can be embedded in posts and pages by higher privileged u ...
Show More |
|||||
| CVE-2022-4007 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side.
|
|||||
| CVE-2022-48614 | 1 Semantic-mediawiki | 1 Semantic Mediawiki | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS.
|
|||||
| CVE-2022-48612 | 1 Classlink | 1 Oneclick | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression (validating whether a URL is controlled by ClassLink) is not present in all applicable places.
|
|||||
| CVE-2022-48547 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at auth_changepassword.php.
|
|||||
| CVE-2022-48429 | 1 Jetbrains | 1 Hub | 2024-11-21 | N/A | 4.6 MEDIUM |
|
In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible
|
|||||
| CVE-2022-48428 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.6 MEDIUM |
|
In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible
|
|||||
| CVE-2022-48427 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.6 MEDIUM |
|
In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible
|
|||||
| CVE-2022-48426 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.6 MEDIUM |
|
In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible
|
|||||
| CVE-2022-48344 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 5.4 MEDIUM |
|
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.
|
|||||
| CVE-2022-48343 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 5.4 MEDIUM |
|
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.
|
|||||
| CVE-2022-48197 | 1 Yui Project | 1 Yui | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
|
|||||
| CVE-2022-48192 | 1 Softing | 1 Smartlink Sw-ht | 2024-11-21 | N/A | 7.2 HIGH |
|
Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application.
|
|||||
| CVE-2022-48010 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | N/A | 5.4 MEDIUM |
|
LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Welcome-message text fields. NOTE: the vendor indicates that this is not a vulnerability because the manipulation requires Superadministrator privileges, and Superadministrators are ...
Show More |
|||||
| CVE-2022-47983 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 243161.
|
|||||
| CVE-2022-47928 | 1 Misp-project | 1 Malware Information Sharing Platform | 2024-11-21 | N/A | 6.1 MEDIUM |
|
In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp.
|
|||||
| CVE-2022-47610 | 1 Mrdigital | 1 Simple Image Popup | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mr Digital Simple Image Popup plugin <= 1.3.6 versions.
|
|||||
| CVE-2022-47608 | 1 Fullworksplugins | 1 Quick Contact Form | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions.
|
|||||
| CVE-2022-47607 | 1 Usersnap | 1 Usersnap | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Usersnap plugin <= 4.16 versions.
|
|||||
| CVE-2022-47606 | 1 Wp-cors Project | 1 Wp-cors | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Stephenson WP-CORS plugin <= 0.2.1 versions.
|
|||||
| CVE-2022-47603 | 1 Wpdevart | 1 Image And Video Gallery With Thumbnails | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.1 versions.
|
|||||
| CVE-2022-47602 | 1 Joomunited | 1 Wp Table Manager | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in JoomUnited WP Table Manager plugin <= 3.5.2 versions.
|
|||||
| CVE-2022-47600 | 1 I13websolution | 1 Mass Email To Users | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Mass Email To users plugin <= 1.1.4 versions.
|
|||||
| CVE-2022-47598 | 1 Wp Super Popup Project | 1 Wp Super Popup | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Plugins Pro WP Super Popup plugin <= 1.1.2 versions.
|
|||||
| CVE-2022-47596 | 1 Jeffrey-wp | 1 Media Library Categories | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeffrey-WP Media Library Categories plugin <= 1.9.9 versions.
|
|||||
| CVE-2022-47592 | 1 Magicform Project | 1 Magicform | 2024-11-21 | N/A | 7.1 HIGH |
|
Reflected Cross-Site Scripting (XSS) vulnerability in Dmytriy.Cooperman MagicForm plugin <= 0.1 versions.
|
|||||
| CVE-2022-47591 | 1 Map Multi Marker Project | 1 Map Multi Marker | 2024-11-21 | N/A | 7.1 HIGH |
|
Reflected Cross-Site Scripting (XSS) vulnerability in Mickael Austoni Map Multi Marker plugin <= 3.2.1 versions.
|
|||||
| CVE-2022-47590 | 1 Fugu | 1 Maintenance Switch | 2024-11-21 | N/A | 7.1 HIGH |
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fugu Maintenance Switch plugin <= 1.5.2 versions.
|
|||||
| CVE-2022-47589 | 1 Thisfunctional | 1 Ctt Expresso Para Woocommerce | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in this.Functional CTT Expresso para WooCommerce plugin <= 3.2.11 versions.
|
|||||
| CVE-2022-47587 | 1 Wp Search Analytics Project | 1 Wp Search Analytics | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cornel Raiu WP Search Analytics plugin <= 1.4.5 versions.
|
|||||