CVE-2022-2230

Removed by vendor...

WordPress Active Products Tables for WooCommerce plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Active Products Tables for WooCommerce plugin version prior to 1.0.5 has a cross-site scripting...

Shopware Cross-Site Scripting Vulnerability (CNVD-2022-58390)

Shopware is a German Shopware company's open source e-commerce software. A cross-site scripting vulnerability exists in Shopware versions prior to 5.7.12, which stems from a lack of checksum filtering of user-supplied and output data during login authentication. An attacker can exploit this...

Admidio Cross-Site Scripting Vulnerability

Admidio is an open source member management system from the Admidio team. The system supports member lists, event management, guestbooks, photo albums and downloads. A cross-site scripting vulnerability exists in Admidio version 4.1.2, which stems from the program's lack of checksum filtering of...

Jorani Cross-Site Scripting Vulnerability (CNVD-2022-58885)

Benjamin BALET Jorani is a leave management system from the French personal developer Benjamin BALET. Designed to provide small organizations with a simple workflow for leave and overtime requests, Benjamin BALET Jorani version 1.0 contains a cross-site scripting vulnerability stemming from a lac...

WordPress Security plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress WordPress Security plugin versions prior to 4.2.1 have a cross-site scripting vulnerability that...

ScratchTools Cross-Site Scripting Vulnerability

ScratchTools is a web extension to the STForScratch open source. Designed to make interaction with the Scratch programming language community Scratching easier, ScratchTools suffers from a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of...

Library Management System跨站脚本漏洞

Library Management System is a library management system with QR code attendance and automatic library card generation. version 1.0 of Library Management System has a cross-site scripting vulnerability that originates in the file /admin/editadmindetails.php?id= The admin's parameter Name lacks a...

WordPress Nested Pages plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Nested Pages plugin version prior to 3.1.21 has a cross-site scripting vulnerability that...

CVE-2021-39074

IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

IBM Robotic Process Automation跨站脚本漏洞

IBM Robotic Process Automation is a robotic process automation product from IBM, Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation versions 21.0.1 and 21.0.2 contain a cross-site scripting vulnerability th...

PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability (CNVD-2022-54305)

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS, which originates in /dashboard/blocks/stacks/view details. The vulnerability stems from the lack of data validation...

Raytion Custom Security Manager Cross-Site Scripting Vulnerability

Raytion, a search connector from the German company Raytion, is vulnerable to a cross-site scripting vulnerability in Raytion version 7.2.0. The vulnerability stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability t...

IBM Jazz Team Server Cross-Site Scripting Vulnerability (CNVD-2022-51659)

IBM Jazz Team Server is an application server from IBM Corporation in the United States. provides base services that enable a group of tools to work together as a single logical server and includes any number of Jazz Team Server Extensions that provide tool-specific functionality. IBM Jazz Team...

Wire Cross-Site Scripting Vulnerability (CNVD-2022-65920)

Wire is a chat software from the German company Wire. The software supports Web, WindowsiOS, Android, and OS X platforms, has group functionality, can make voice calls, send photos, and its original greeting method, PING. Wire has a cross-site scripting vulnerability that stems from insufficient...

CVE-2022-1321

The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example ...

Cross site scripting

The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup...

CVE-2022-1029 Limit Login Attempts < 4.0.72 - Admin+ Stored Cross-Site Scripting

The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite...

Jfinal CMS Cross-Site Scripting Vulnerability (CNVD-2022-58383)

Jfinal CMS is a java development of powerful information consulting website , using a simple and powerful JFinal as the web framework , template engine with beetl, database with mysql, front-end bootstrap framework. Jfinal CMS v5.1.0 version of the cross-site scripting vulnerability , the...

74cms Cross-Site Scripting Vulnerability (CNVD-2022-58895)

74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology. 74cmsSE version v3.5.1 contains a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output from path/job. An attacker could exploit this vulnerabili...