6239 matches found
CVE-2022-36533
Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain a cross-site scripting (XSS) vulnerability...
CVE-2022-37462
A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details...
CVE-2022-36657
Library Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /librarian/editbookdetails.php...
CVE-2022-35162
Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the CATEGORY parameter at /category/controller.php?action=edit...
CVE-2022-34193
Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-2194
The Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-34783
Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34195
Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-32124
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /index/jobfairol/show/...
CVE-2022-3136
The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2022-32129
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/account/safety/trade...
CVE-2022-29649
Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability...
CVE-2022-45223
Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /Admin/add-student.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter...
CVE-2022-29732
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2022-29043
Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34025
Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the post function at /web/api/v1/upload/UploadHandler.php...
CVE-2022-2365
Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium prior to 0.53.3...
CVE-2022-2409
The Rough Chart WordPress plugin through 1.0.0 does not properly escape chart data label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-23637
K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting (XSS) vulnerability is present in the markdown editor used by the document abstract and markdown file preview. A specifically crafted anchor link can, if clicked,...
CVE-2022-1910
The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...