Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24229 | 1 Onlyoffice | 1 Document Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor. | |||||
| CVE-2022-24181 | 1 Public Knowledge Project | 1 Open Journal Systems | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitary code via the X-Forwarded-Host Header. | |||||
| CVE-2022-24177 | 1 Exlibrisgroup | 1 Aleph 500 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej.cgi of Ex libris ALEPH 500 v18.1 and v20 allows attackers to execute arbitrary web scripts or HTML. | |||||
| CVE-2022-24135 | 1 Qingscan Project | 1 Qingscan | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability in all search functions. | |||||
| CVE-2022-24131 | 1 Douco | 1 Douphp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution. | |||||
| CVE-2022-24127 | 1 Vanderbilt | 1 Redcap | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title (app_title) field when editing an existing project. The payload is then reflected within the title tag of the page. | |||||
| CVE-2022-24123 | 1 Marktext | 1 Marktext | 2024-11-21 | 6.8 MEDIUM | 9.0 CRITICAL |
| MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting (XSS) payload. | |||||
| CVE-2022-24004 | 1 Vanderbilt | 1 Redcap | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title (aka new_title) field when editing an existing conversation. The payload executes in the browser of any conversation participant with the sidebar shown. | |||||
| CVE-2022-23993 | 1 Pfsense | 2 Pfsense, Pfsense Plus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| /usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS. | |||||
| CVE-2022-23988 | 1 Westguardsolutions | 1 Ws Form | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing unauthenticated attacker to submit XSS payloads which will get executed when a privileged user will view the related submission | |||||
| CVE-2022-23987 | 1 Westguardsolutions | 1 Ws Form | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-23980 | 1 Yet Another Stars Rating Project | 1 Yet Another Stars Rating | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet Another Stars Rating WordPress plugin (versions <= 2.9.9), vulnerable at parameter 'source'. | |||||
| CVE-2022-23916 | 1 Appleple | 1 A-blog Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-24374. | |||||
| CVE-2022-23912 | 1 Accesspressthemes | 1 Ap Custom Testimonial | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting | |||||
| CVE-2022-23907 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage. | |||||
| CVE-2022-23903 | 1 Pearadmin | 1 Pear Admin Think | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think <=5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent. | |||||
| CVE-2022-23896 | 1 Admidio | 1 Admidio | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Admidio 4.1.2 version is affected by stored cross-site scripting (XSS). | |||||
| CVE-2022-23872 | 1 Emlog | 1 Emlog | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info. | |||||
| CVE-2022-23871 | 1 Gibbonedu | 1 Gibbon | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitrary web scripts or HTML via a crafted payload insterted into the name, category, description parameters. | |||||
| CVE-2022-23801 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in com_media. | |||||