CVE-2022-42466

Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release,...

CVE-2022-37063

All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross Site Scripting XSS due to improper input sanitization. An authenticated remote attacker can execute arbitrary JavaScript code in the web management interface. A successful exploit could allow the...

CVE-2022-37386

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVE-2022-37162

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS. An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event...

CVE-2022-37383

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVE-2022-37028

ISAMS 22.2.3.2 is prone to stored Cross-site Scripting XSS attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the application...

CVE-2022-37253

Persistent cross-site scripting XSS in Crime Reporting System 1.0 allows a remote attacker to introduce arbitary Javascript via manipulation of an unsanitized POST parameter...

CVE-2022-31470

An XSS vulnerability in the indexmobilechangepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session for a logged-in user, can access and retrieve mailbox content...

CVE-2022-26497

BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dialog if the victim has shared access to the particular room with the attacker previously...

CVE-2022-35289

A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of...

CVE-2022-35587

A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishondate" Parameter...

CVE-2022-35590

A cross-site scripting XSS issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "enddate" Parameter...

CVE-2017-18871

An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service application crash via an @ character before a JavaScript field name...

CVE-2019-18653

A Cross Site Scripting XSS issue exists in Avast AntiVirus Free, Internet Security, and Premiere Edition 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name...

CVE-2019-18350

In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET parameter affects the authorization component, leading to execution of JavaScript code in the login after-action script...

CVE-2019-18219

Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting XSS vulnerability, as it fails to validate user input. The affected components index.php, upgrade.php allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter...

CVE-2019-18656

Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements...

CVE-2019-18834

Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCSAdminPostTypes in class-wcs-admin-post-types.php...

CVE-2019-18654

A Cross Site Scripting XSS issue exists in AVG AntiVirus Internet Security Edition 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name...

CVE-2019-11812

A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. JavaScript can be included in the discussion interface, and can be triggered by clicking on the link...