Total
38460 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4453 | 1 3dflipbook | 1 3d Flipbook | 2024-11-21 | N/A | 5.4 MEDIUM |
| The 3D FlipBook WordPress plugin through 1.13.2 does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like administrators. | |||||
| CVE-2022-4444 | 1 Ipti | 1 Tag | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability was found in ipti br.tag. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.13.0 is able to address this issue. The name of the patch is 7e311be22d3a0a1b53e61cb987ba13d681d85f06. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215431. | |||||
| CVE-2022-4421 | 1 Rathena | 1 Fluxcp | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability was found in rAthena FluxCP. It has been classified as problematic. Affected is an unknown function of the file themes/default/servicedesk/view.php of the component Service Desk Image URL Handler. The manipulation of the argument sslink leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 8a39b2b2bf28353b3503ff1421862393db15aa7e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215304. | |||||
| CVE-2022-4414 | 1 Nuxt | 1 Framework | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework prior to v3.0.0-rc.13. | |||||
| CVE-2022-4413 | 1 Nuxt | 1 Framework | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/framework prior to v3.0.0-rc.13. | |||||
| CVE-2022-4410 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2024-11-21 | N/A | 6.4 MEDIUM |
| The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. This makes it possible for attackers to inject arbitrary web scripts on the permalink-manager page if another plugin or theme is installed on the site that allows lower privileged users with unfiltered_html the ability to modify post/page titles with malicious web scripts. | |||||
| CVE-2022-4408 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9. | |||||
| CVE-2022-4407 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9. | |||||
| CVE-2022-4401 | 1 Pallidlight Online Course Selection System Project | 1 Pallidlight Online Course Selection System | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability was found in pallidlight online-course-selection-system. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-215268. | |||||
| CVE-2022-4400 | 1 Fs-blog Project | 1 Fs-blog | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability was found in zbl1996 FS-Blog and classified as problematic. This issue affects some unknown processing of the component Title Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-215267. | |||||
| CVE-2022-4396 | 1 Pyrdfa3 Project | 1 Pyrdfa3 | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability was found in RDFlib pyrdfa3 and classified as problematic. This issue affects the function _get_option of the file pyRdfa/__init__.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e. It is recommended to apply a patch to fix this issue. The identifier VDB-215249 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2022-4393 | 1 Avirtum | 1 Imagelinks | 2024-11-21 | N/A | 5.4 MEDIUM |
| The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-4377 | 1 S-cms | 1 S-cms | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215197 was assigned to this vulnerability. | |||||
| CVE-2022-4361 | 1 Redhat | 6 Enterprise Linux, Keycloak, Openshift Container Platform and 3 more | 2024-11-21 | N/A | 10.0 CRITICAL |
| Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri. | |||||
| CVE-2022-4354 | 1 Pb-cms Project | 1 Pb-cms | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-215114 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4353 | 1 Pb-cms Project | 1 Pb-cms | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this vulnerability is the function IpUtil.getIpAddr. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215113 was assigned to this vulnerability. | |||||
| CVE-2022-4341 | 1 Coder-chain Gdut Project | 1 Coder-chain Gdut | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability has been found in csliuwy coder-chain_gdut and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /back/index.php/user/User/?1. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215095. | |||||
| CVE-2022-4330 | 1 Marcomilesi | 1 Wp Attachments | 2024-11-21 | N/A | 4.8 MEDIUM |
| The WP Attachments WordPress plugin before 5.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2022-4286 | 1 Br-automation | 1 Automation Runtime | 2024-11-21 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session. | |||||
| CVE-2022-4279 | 1 Oretnom23 | 1 Human Resource Management System | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214776. | |||||